Windows Analysis Report
WSock.dll

Overview

General Information

Sample name: WSock.dll
Analysis ID: 1559312
MD5: 3612fee7ae3ee6480c3804845c579255
SHA1: 6254940b4247ba8a0581a362813be070d0e34b99
SHA256: 990357fe141b7e0ef376eb3d71279a6d160f8bbbd3e6d25e269c34af50e6ef04
Tags: dll, opendir, user-Joker
Infos:

Detection

Ramnit
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Ramnit
AI detected suspicious sample
Drops executables to the windows directory (C:\Windows) and starts them
Found evasive API chain (may stop execution after checking mutex)
Machine Learning detection for dropped file
Machine Learning detection for sample
Contains functionality to call native functions
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (may stop execution after accessing registry keys)
Found evasive API chain (may stop execution after checking a module file name)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
PE file contains sections with non-standard names
Potential browser exploit detected (process start blacklist hit)
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Remote Thread Creation By Uncommon Source Image
Sigma detected: Use Short Name Path in Command Line
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • loaddll32.exe (PID: 4300 cmdline: loaddll32.exe "C:\Users\user\Desktop\WSock.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)
    • conhost.exe (PID: 5480 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 1412 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • rundll32.exe (PID: 3876 cmdline: rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)
        • rundll32Srv.exe (PID: 6760 cmdline: C:\Windows\SysWOW64\rundll32Srv.exe MD5: FF5E1F27193CE51EEC318714EF038BEF)
          • DesktopLayer.exe (PID: 5764 cmdline: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe" MD5: FF5E1F27193CE51EEC318714EF038BEF)
            • iexplore.exe (PID: 5736 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
              • iexplore.exe (PID: 6972 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17410 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
                • ie_to_edge_stub.exe (PID: 1432 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436 MD5: 89CF8972D683795DAB6901BC9456675D)
                  • msedge.exe (PID: 7200 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436 MD5: 69222B8101B0601CC6663F8381E7E00F)
                    • msedge.exe (PID: 7472 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2060,i,17826579582961614741,2272508256986252426,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
                • ssvagent.exe (PID: 7184 cmdline: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new MD5: F9A898A606E7F5A1CD7CFFA8079253A0)
              • iexplore.exe (PID: 8528 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17414 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
              • iexplore.exe (PID: 9060 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:82950 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
              • iexplore.exe (PID: 7724 cmdline: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17420 /prefetch:2 MD5: 6F0F06D6AB125A99E43335427066A4A1)
    • rundll32.exe (PID: 1408 cmdline: rundll32.exe C:\Users\user\Desktop\WSock.dll,LibClassDesc MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 7444 cmdline: rundll32.exe C:\Users\user\Desktop\WSock.dll,LibDescription MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32Srv.exe (PID: 7544 cmdline: C:\Windows\SysWOW64\rundll32Srv.exe MD5: FF5E1F27193CE51EEC318714EF038BEF)
        • DesktopLayer.exe (PID: 7724 cmdline: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe" MD5: FF5E1F27193CE51EEC318714EF038BEF)
          • iexplore.exe (PID: 8396 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
    • rundll32.exe (PID: 6912 cmdline: rundll32.exe C:\Users\user\Desktop\WSock.dll,LibNumberClasses MD5: 889B99C52A60DD49227C5E485A016679)
    • loaddll32Srv.exe (PID: 8740 cmdline: C:\Windows\system32\loaddll32Srv.exe MD5: FF5E1F27193CE51EEC318714EF038BEF)
      • DesktopLayer.exe (PID: 8816 cmdline: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe" MD5: FF5E1F27193CE51EEC318714EF038BEF)
        • iexplore.exe (PID: 8940 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
    • rundll32.exe (PID: 8756 cmdline: rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibClassDesc MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 8764 cmdline: rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibDescription MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32Srv.exe (PID: 9176 cmdline: C:\Windows\SysWOW64\rundll32Srv.exe MD5: FF5E1F27193CE51EEC318714EF038BEF)
        • DesktopLayer.exe (PID: 9204 cmdline: "C:\Program Files (x86)\Microsoft\DesktopLayer.exe" MD5: FF5E1F27193CE51EEC318714EF038BEF)
          • iexplore.exe (PID: 1396 cmdline: "C:\Program Files\Internet Explorer\iexplore.exe" MD5: CFE2E6942AC1B72981B3105E22D3224E)
    • rundll32.exe (PID: 8776 cmdline: rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibNumberClasses MD5: 889B99C52A60DD49227C5E485A016679)
    • rundll32.exe (PID: 8796 cmdline: rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibVersion MD5: 889B99C52A60DD49227C5E485A016679)
  • msedge.exe (PID: 7552 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7960 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8628 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6004 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
Name: Ramnit
Description: According to Check Point, Ramnit is primarily a banking trojan, meaning that its purpose is to steal login credentials for online banking, which cybercriminals can sell or use in future attacks. For this reason, Ramnit primarily targets individuals rather than focusing on particular industries. Ramnit campaigns have been observed to target organizations in particular industries. For example, a 2019 campaign targeted financial organizations in the United Kingdom, Italy, and Canada.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.ramnit
No configs have been found
Source | Rule | Description | Author
C:\Program Files (x86)\Microsoft\DesktopLayer.exe | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth
C:\Windows\SysWOW64\rundll32Srv.exe | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth
C:\Windows\SysWOW64\loaddll32Srv.exe | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth

Source | Rule | Description | Author
00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp | JoeSecurity_Ramnit | Yara detected Ramnit | Joe Security
00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp | JoeSecurity_Ramnit | Yara detected Ramnit | Joe Security
00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp | JoeSecurity_Ramnit | Yara detected Ramnit | Joe Security
00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp | JoeSecurity_Ramnit | Yara detected Ramnit | Joe Security
0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp | JoeSecurity_Ramnit | Yara detected Ramnit | Joe Security

Source | Rule | Description | Author
41.0.DesktopLayer.exe.400000.0.unpack | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth
21.2.DesktopLayer.exe.404031.0.raw.unpack | JoeSecurity_Ramnit | Yara detected Ramnit | Joe Security
36.0.DesktopLayer.exe.400000.0.unpack | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth
21.0.DesktopLayer.exe.400000.0.unpack | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth
19.0.rundll32Srv.exe.400000.0.unpack | MAL_Ramnit_May19_1 | Detects Ramnit malware | Florian Roth

System Summary

Source: Threat created; Author: Perez Diego (@darkquassar), oscd.community; Data: EventID: 8, SourceImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, SourceProcessId: 7724, StartAddress: 6EA90300, TargetImage: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, TargetProcessId: 7724
Source: Process started; Author: frack113, Nasreddine Bencherchali; Data: Command: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, CommandLine|base64offset|contains: w, Image: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, NewProcessName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, OriginalFileName: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, ParentCommandLine: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17410 /prefetch:2, ParentImage: C:\Program Files (x86)\Internet Explorer\iexplore.exe, ParentProcessId: 6972, ParentProcessName: iexplore.exe, ProcessCommandLine: "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new, ProcessId: 7184, ProcessName: ssvagent.exe
Source: Registry Key set; Author: frack113; Data: Details: 1, EventID: 13, EventType: SetValue, Image: C:\Program Files\Internet Explorer\iexplore.exe, ProcessId: 5736, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\SecuritySafe
No Suricata rule has matched

AV Detection

Source: WSock.dll; Avira: detected
Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe; Avira: detection malicious, Label: TR/Crypt.XPACK.AB.1
Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe; ReversingLabs: Detection: 100%
Source: C:\Windows\SysWOW64\loaddll32Srv.exe; ReversingLabs: Detection: 100%
Source: C:\Windows\SysWOW64\rundll32Srv.exe; ReversingLabs: Detection: 100%
Source: WSock.dll; ReversingLabs: Detection: 94%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 91.5% probability
Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe; Joe Sandbox ML: detected
Source: WSock.dll; Joe Sandbox ML: detected
Source: WSock.dll; Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49743 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49744 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49751 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49752 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49758 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49759 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49765 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49766 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49819 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.129.108:443 -> 192.168.2.7:49843 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 151.101.129.108:443 -> 192.168.2.7:49842 version: TLS 1.2
Source: rundll32Srv.exe; Binary or memory string: [autorun] action=Open icon=%%WinDir%%\system32\shell32.dll,4 shellexecute=.\%s shell\explore\command=.\%s USEAUTOPLAY=1 shell\Open\command=.\%s
Source: rundll32Srv.exe; Binary or memory string: autorun.inf
Source: rundll32Srv.exe, 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: autorun.inf
Source: rundll32Srv.exe, 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: [autorun]
Source: rundll32Srv.exe, 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: DesktopLayer.exe; Binary or memory string: [autorun] action=Open icon=%%WinDir%%\system32\shell32.dll,4 shellexecute=.\%s shell\explore\command=.\%s USEAUTOPLAY=1 shell\Open\command=.\%s
Source: DesktopLayer.exe; Binary or memory string: autorun.inf
Source: DesktopLayer.exe, 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: autorun.inf
Source: DesktopLayer.exe, 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: [autorun]
Source: DesktopLayer.exe, 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: rundll32Srv.exe, 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: autorun.inf
Source: rundll32Srv.exe, 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: [autorun]
Source: rundll32Srv.exe, 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: DesktopLayer.exe, 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: autorun.inf
Source: DesktopLayer.exe, 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: [autorun]
Source: DesktopLayer.exe, 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: loaddll32Srv.exe, 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp; Binary or memory string: autorun.inf
Source: loaddll32Srv.exe, 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp; Binary or memory string: [autorun]
Source: loaddll32Srv.exe, 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: DesktopLayer.exe, 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: autorun.inf
Source: DesktopLayer.exe, 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: [autorun]
Source: DesktopLayer.exe, 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: rundll32Srv.exe, 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: autorun.inf
Source: rundll32Srv.exe, 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: [autorun]
Source: rundll32Srv.exe, 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: DesktopLayer.exe, 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: autorun.inf
Source: DesktopLayer.exe, 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: [autorun]
Source: DesktopLayer.exe, 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp; Binary or memory string: //--></SCRIPT>RmNautorun.infRECYCLER.exe[autorun]
Source: C:\Windows\SysWOW64\rundll32Srv.exe; Code function: 5_2_004011DF FindFirstFileA,FindClose,5_2_004011DF
Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe; Code function: 7_2_004011DF FindFirstFileA,FindClose,7_2_004011DF
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
Source: global traffic; TCP traffic: 192.168.2.7:62881 -> 1.1.1.1:53
Source: global traffic; TCP traffic: 192.168.2.7:55508 -> 1.1.1.1:53
Source: Joe Sandbox View; IP Address: 151.101.129.108
Source: Joe Sandbox View; IP Address: 152.195.19.97
Source: Joe Sandbox View; IP Address: 18.244.18.38
Source: Joe Sandbox View; JA3 fingerprint: 6271f898ce5be7dd52b0fc260d0662b3
Source: unknown; TCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknown; TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie8.ebay.com/open
                            Source: iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico?0
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336814174.0000029F79966000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
                            Source: iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.icoX
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://in.search.yahoo.com/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.dada.net/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://it.search.yahoo.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://jobsearch.monster.com/:
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://kr.search.yahoo.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&q=
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msk.afisha.ru/
                            Source: iexplore.exe, 00000008.00000003.1398505215.0000029F79538000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2503907510.0000029F79535000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1398683740.0000029F79538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.a.0/sTy(/
                            Source: iexplore.exe, 00000008.00000003.1398505215.0000029F79538000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2503907510.0000029F79535000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1398683740.0000029F79538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.hotosh?/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
                            Source: iexplore.exe, 00000008.00000002.2503747760.0000029F7941A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7941A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
                            Source: iexplore.exe, 00000008.00000002.2503747760.0000029F7941A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7941A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p.zhongsou.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://p.zhongsou.com/y5s
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://price.ru/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://price.ru/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://recherche.linternaute.com/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://recherche.tf1.fr/t
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rover.ebay.com
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ru.search.yahoo.com
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sads.myspace.com/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.about.com/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.alice.it/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.aol.co.uk/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.aol.com/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.aol.in/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.atlas.cz/
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.auction.co.kr/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.auction.co.kr/S
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.auone.jp/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.books.com.tw/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.centrum.cz/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.seznam.cz/X
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.sify.com/6
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.icoa
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.com/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahoo.com/favicon.icoO
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&p=
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search.yam.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search1.taobao.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://search2.estadao.com.br/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://searchresults.news.com.au/P
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://service2.bfast.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/1
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/p
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.aol.de/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.freenet.de/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.lycos.de/z
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.t-online.de/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.web.de/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tw.search.yahoo.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://udn.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://udn.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://uk.ask.com/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://uk.search.yahoo.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vachercher.lycos.fr/(
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.globo.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.ask.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507174419.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/&
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/)
                            Source: iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/e5G
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.icoY
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.co.jp/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.co.uk/E
                            Source: iexplore.exe, 00000008.00000002.2509099880.0000029F7D196000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml.8.drString found in binary or memory: http://www.amazon.com/
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico#
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&tag=ie8search-20&index=blended&linkCode=qs&camp=1789&creativ
                            Source: iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507174419.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mtv.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mtv.com/favicon.icoi
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.myspace.com/favicon.icot
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.najdi.si/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico(
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.neckermann.de/D
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico9
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2509099880.0000029F7D196000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml4.8.drString found in binary or memory: http://www.nytimes.com/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.orange.fr/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.otto.de/favicon.icoL
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozon.ru/favicon.icoZ
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paginasamarillas.es/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/(
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79976000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.icoA
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/
                            Source: iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rambler.ru/favicon.icoH
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.recherche.aol.fr/
                            Source: iexplore.exe, 00000008.00000002.2509099880.0000029F7D196000.00000004.00000020.00020000.00000000.sdmp, msapplication.xml5.8.drString found in binary or memory: http://www.reddit.com/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
                            Source: iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.servicios.clarin.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.shopzilla.com/J
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sogou.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soso.com/
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taobao.com/
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico:5
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.target.com/R
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.target.com/favicon.ico
                            Source: iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tchibo.de/
                            Source: iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico/
                            Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49743 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49744 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49751 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49752 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49758 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49759 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49765 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 151.101.194.137:443 -> 192.168.2.7:49766 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49819 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 18.244.18.38:443 -> 192.168.2.7:49820 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 151.101.129.108:443 -> 192.168.2.7:49843 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 151.101.129.108:443 -> 192.168.2.7:49842 version: TLS 1.2

                            Key, Mouse, Clipboard, Microphone and Screen Capturing

                            Source: Yara matchFile source: 21.2.DesktopLayer.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.2.loaddll32Srv.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.DesktopLayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.2.loaddll32Srv.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 41.2.DesktopLayer.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.DesktopLayer.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 40.2.rundll32Srv.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 40.2.rundll32Srv.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 5.2.rundll32Srv.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.DesktopLayer.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32Srv.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 40.2.rundll32Srv.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 5.2.rundll32Srv.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.2.loaddll32Srv.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 21.2.DesktopLayer.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 41.2.DesktopLayer.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32Srv.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 41.2.DesktopLayer.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 5.2.rundll32Srv.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 21.2.DesktopLayer.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.DesktopLayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: rundll32Srv.exe PID: 6760, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 5764, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: rundll32Srv.exe PID: 7544, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 7724, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: loaddll32Srv.exe PID: 8740, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 8816, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: rundll32Srv.exe PID: 9176, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 9204, type: MEMORYSTR

                            E-Banking Fraud

                            Source: Yara matchFile source: 21.2.DesktopLayer.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.2.loaddll32Srv.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.DesktopLayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.2.loaddll32Srv.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 41.2.DesktopLayer.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.DesktopLayer.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 40.2.rundll32Srv.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 40.2.rundll32Srv.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 36.2.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 5.2.rundll32Srv.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.DesktopLayer.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32Srv.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 40.2.rundll32Srv.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 5.2.rundll32Srv.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 31.2.loaddll32Srv.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 21.2.DesktopLayer.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 41.2.DesktopLayer.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32Srv.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 41.2.DesktopLayer.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 5.2.rundll32Srv.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 21.2.DesktopLayer.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 7.2.DesktopLayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 19.2.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: rundll32Srv.exe PID: 6760, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 5764, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: rundll32Srv.exe PID: 7544, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 7724, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: loaddll32Srv.exe PID: 8740, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 8816, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: rundll32Srv.exe PID: 9176, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: DesktopLayer.exe PID: 9204, type: MEMORYSTR

                            System Summary

                            Source: 41.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 36.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 21.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 19.0.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 5.0.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 31.0.loaddll32Srv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 40.0.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: 7.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, type: DROPPEDMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, type: DROPPEDMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, type: DROPPEDMatched rule: Detects Ramnit malware Author: Florian Roth
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_3_005B1457 NtFreeVirtualMemory,5_3_005B1457
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_3_005B0814 NtProtectVirtualMemory,5_3_005B0814
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_3_005B0335 NtAllocateVirtualMemory,5_3_005B0335
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_3_005B04CC NtQuerySystemInformation,5_3_005B04CC
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_3_005B3519 NtQuerySystemInformation,5_3_005B3519
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_3_005B27A0 NtAllocateVirtualMemory,5_3_005B27A0
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_2_005B2740 NtFreeVirtualMemory,5_2_005B2740
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_2_005B3519 NtQuerySystemInformation,5_2_005B3519
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 5_2_005B27A0 NtAllocateVirtualMemory,5_2_005B27A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_3_005B1457 NtFreeVirtualMemory,7_3_005B1457
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_3_005B0814 NtProtectVirtualMemory,7_3_005B0814
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_3_005B0335 NtAllocateVirtualMemory,7_3_005B0335
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_3_005B04CC NtQuerySystemInformation,7_3_005B04CC
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_3_005B3519 NtQuerySystemInformation,7_3_005B3519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_3_005B27A0 NtAllocateVirtualMemory,7_3_005B27A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_2_004019D4 NtQueryInformationProcess,7_2_004019D4
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_2_005B2740 NtFreeVirtualMemory,7_2_005B2740
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_2_005B3519 NtQuerySystemInformation,7_2_005B3519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 7_2_005B27A0 NtAllocateVirtualMemory,7_2_005B27A0
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_3_00581457 NtFreeVirtualMemory,19_3_00581457
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_3_00580814 NtProtectVirtualMemory,19_3_00580814
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_3_00580335 NtAllocateVirtualMemory,19_3_00580335
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_3_005804CC NtQuerySystemInformation,19_3_005804CC
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_3_00583519 NtQuerySystemInformation,19_3_00583519
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_3_005827A0 NtAllocateVirtualMemory,19_3_005827A0
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_2_00582740 NtFreeVirtualMemory,19_2_00582740
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_2_00583519 NtQuerySystemInformation,19_2_00583519
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 19_2_005827A0 NtAllocateVirtualMemory,19_2_005827A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_3_004A1457 NtFreeVirtualMemory,21_3_004A1457
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_3_004A0814 NtProtectVirtualMemory,21_3_004A0814
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_3_004A0335 NtAllocateVirtualMemory,21_3_004A0335
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_3_004A04CC NtQuerySystemInformation,21_3_004A04CC
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_3_004A3519 NtQuerySystemInformation,21_3_004A3519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_3_004A27A0 NtAllocateVirtualMemory,21_3_004A27A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_2_004A2740 NtFreeVirtualMemory,21_2_004A2740
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_2_004A3519 NtQuerySystemInformation,21_2_004A3519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 21_2_004A27A0 NtAllocateVirtualMemory,21_2_004A27A0
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_3_004A1457 NtFreeVirtualMemory,31_3_004A1457
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_3_004A0814 NtProtectVirtualMemory,31_3_004A0814
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_3_004A0335 NtAllocateVirtualMemory,31_3_004A0335
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_3_004A04CC NtQuerySystemInformation,31_3_004A04CC
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_3_004A3519 NtQuerySystemInformation,31_3_004A3519
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_3_004A27A0 NtAllocateVirtualMemory,31_3_004A27A0
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_2_004A2740 NtFreeVirtualMemory,31_2_004A2740
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_2_004A3519 NtQuerySystemInformation,31_2_004A3519
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exeCode function: 31_2_004A27A0 NtAllocateVirtualMemory,31_2_004A27A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_3_005A1457 NtFreeVirtualMemory,36_3_005A1457
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_3_005A0814 NtProtectVirtualMemory,36_3_005A0814
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_3_005A0335 NtAllocateVirtualMemory,36_3_005A0335
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_3_005A04CC NtQuerySystemInformation,36_3_005A04CC
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_3_005A3519 NtQuerySystemInformation,36_3_005A3519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_3_005A27A0 NtAllocateVirtualMemory,36_3_005A27A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_2_005A2740 NtFreeVirtualMemory,36_2_005A2740
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_2_005A3519 NtQuerySystemInformation,36_2_005A3519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 36_2_005A27A0 NtAllocateVirtualMemory,36_2_005A27A0
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_3_00581457 NtFreeVirtualMemory,40_3_00581457
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_3_00580814 NtProtectVirtualMemory,40_3_00580814
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_3_00580335 NtAllocateVirtualMemory,40_3_00580335
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_3_005804CC NtQuerySystemInformation,40_3_005804CC
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_3_00583519 NtQuerySystemInformation,40_3_00583519
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_3_005827A0 NtAllocateVirtualMemory,40_3_005827A0
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_2_00582740 NtFreeVirtualMemory,40_2_00582740
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_2_00583519 NtQuerySystemInformation,40_2_00583519
                            Source: C:\Windows\SysWOW64\rundll32Srv.exeCode function: 40_2_005827A0 NtAllocateVirtualMemory,40_2_005827A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_3_00681457 NtFreeVirtualMemory,41_3_00681457
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_3_00680335 NtAllocateVirtualMemory,41_3_00680335
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_3_00680814 NtProtectVirtualMemory,41_3_00680814
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_3_006804CC NtQuerySystemInformation,41_3_006804CC
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_3_00683519 NtQuerySystemInformation,41_3_00683519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_3_006827A0 NtAllocateVirtualMemory,41_3_006827A0
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_2_00682740 NtFreeVirtualMemory,41_2_00682740
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_2_00683519 NtQuerySystemInformation,41_2_00683519
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_2_006827A0 NtAllocateVirtualMemory,41_2_006827A0
                            Source: C:\Windows\System32\loaddll32.exe File created: C:\Windows\SysWOW64\loaddll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\Microsoft\DesktopLayer.exe FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
                            Source: WSock.dllStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
                            Source: 41.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 36.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 21.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 19.0.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 5.0.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 31.0.loaddll32Srv.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 40.0.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: 7.0.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, type: DROPPED, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, type: DROPPED, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, type: DROPPED, Matched rule: MAL_Ramnit_May19_1 date = 2019-05-31, hash1 = d7ec3fcd80b3961e5bab97015c91c843803bb915c13a4a35dfb5e9bdf556c6d3, author = Florian Roth, description = Detects Ramnit malware, reference = https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
                            Source: loaddll32Srv.exe.0.dr, Static PE information: Section: UPX1 ZLIB complexity 0.9967075892857142
                            Source: rundll32Srv.exe.3.dr, Static PE information: Section: UPX1 ZLIB complexity 0.9967075892857142
                            Source: DesktopLayer.exe.5.dr, Static PE information: Section: UPX1 ZLIB complexity 0.9967075892857142
                            Source: DesktopLayer.exe, 00000015.00000002.1321208838.0000000000638000.00000004.00000020.00020000.00000000.sdmp, DesktopLayer.exe, 00000024.00000002.1366228018.00000000004A8000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: ;.VBP
                            Source: classification engine, Classification label: mal100.troj.evad.winDLL@97/292@17/8
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 5_2_004027E0 GetCurrentThreadId,CreateToolhelp32Snapshot,Thread32First,OpenThread,SuspendThread,ResumeThread,CloseHandle,Thread32Next,CloseHandle,5_2_004027E0
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, File created: C:\Program Files (x86)\Microsoft\px9F43.tmp
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery
                            Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5480:120:WilError_03
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Mutant created: \Sessions\1\BaseNamedObjects\KyUffThOkYwRRtgPP
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, File created: C:\Users\user~1\AppData\Local\Temp\~DF601FB22FBB46F72A.TMP
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, File read: C:\Users\desktop.ini
                            Source: C:\Windows\System32\loaddll32.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibClassDesc
                            Source: WSock.dll, ReversingLabs: Detection: 94%
                            Source: unknown, Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\WSock.dll"
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibClassDesc
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32Srv.exe C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17410 /prefetch:2
                            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436
                            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibDescription
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2060,i,17826579582961614741,2272508256986252426,262144 /prefetch:3
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32Srv.exe C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: unknown, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:3
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibNumberClasses
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17414 /prefetch:2
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6004 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:8
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\loaddll32Srv.exe C:\Windows\system32\loaddll32Srv.exe
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibClassDesc
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibDescription
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibNumberClasses
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibVersion
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:82950 /prefetch:2
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32Srv.exe C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17420 /prefetch:2
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibClassDesc
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibDescription
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\WSock.dll,LibNumberClasses
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\loaddll32Srv.exe C:\Windows\system32\loaddll32Srv.exe
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibClassDesc
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibDescription
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibNumberClasses
                            Source: C:\Windows\System32\loaddll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibVersion
                            Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32Srv.exe C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17410 /prefetch:2
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17414 /prefetch:2
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:82950 /prefetch:2
                            Source: C:\Program Files\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe "C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436
                            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, Process created: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe "C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: unknown unknown
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2060,i,17826579582961614741,2272508256986252426,262144 /prefetch:3
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32Srv.exe C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:3
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6004 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:8
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Windows\SysWOW64\loaddll32Srv.exe C:\Windows\system32\loaddll32Srv.exe
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibClassDesc
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibNumberClasses
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32Srv.exe C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Process created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Process created: C:\Program Files\Internet Explorer\iexplore.exe "C:\Program Files\Internet Explorer\iexplore.exe"
                            Source: C:\Windows\System32\loaddll32.exe, Section loaded: apphelp.dll
                            Source: C:\Windows\System32\loaddll32.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Windows\SysWOW64\cmd.exe, Section loaded: apphelp.dll
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Section loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Section loaded: apphelp.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: wininet.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: urlmon.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: iertutil.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: srvcli.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: netutils.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: uxtheme.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: windows.storage.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: wldp.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: propsys.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: profapi.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: edputil.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: windows.staterepositoryps.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: sspicli.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: wintypes.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: appresolver.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: bcp47langs.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: slc.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: userenv.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: sppc.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: onecorecommonproxystub.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Section loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: vcruntime140.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: wininet.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: version.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: urlmon.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: msvcp140.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: iertutil.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: srvcli.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: netutils.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: kernel.appcore.dll
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe, Section loaded: uxtheme.dll
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Section loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Section loaded: apphelp.dll
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Section loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Section loaded: apphelp.dll
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Section loaded: ntmarta.dll
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Section loaded: apphelp.dll
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                            Source: Window Recorder, Window detected: More than 3 window changes detected
                            Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Lync
                            Source: initial sample, Static PE information: section where entry point is pointing to: .rmnet
                            Source: WSock.dll, Static PE information: section name: .rmnet
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 5_3_005B067A push eax; ret 5_3_005B22AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 5_3_005B178F push eax; ret 5_3_005B22AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 5_2_005B178F push eax; ret 5_2_005B22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 7_3_005B067A push eax; ret 7_3_005B22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 7_3_005B178F push eax; ret 7_3_005B22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 7_2_005B178F push eax; ret 7_2_005B22AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 19_3_0058067A push eax; ret 19_3_005822AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 19_3_0058178F push eax; ret 19_3_005822AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 19_2_0058178F push eax; ret 19_2_005822AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 21_3_004A067A push eax; ret 21_3_004A22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 21_3_004A178F push eax; ret 21_3_004A22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 21_2_004A178F push eax; ret 21_2_004A22AF
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Code function: 31_3_004A067A push eax; ret 31_3_004A22AF
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Code function: 31_3_004A178F push eax; ret 31_3_004A22AF
                            Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Code function: 31_2_004A178F push eax; ret 31_2_004A22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 36_3_005A067A push eax; ret 36_3_005A22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 36_3_005A178F push eax; ret 36_3_005A22AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 36_2_005A178F push eax; ret 36_2_005A22AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 40_3_0058067A push eax; ret 40_3_005822AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 40_3_0058178F push eax; ret 40_3_005822AF
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe, Code function: 40_2_0058178F push eax; ret 40_2_005822AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 41_3_0068067A push eax; ret 41_3_006822AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Code function: 41_3_0068178F push eax; ret 41_3_006822AF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exeCode function: 41_2_0068178F push eax; ret 41_2_006822AF
                            Source: WSock.dllStatic PE information: section name: .rmnet entropy: 7.97144485240936
                            Source: initial sampleStatic PE information: section name: UPX0
                            Source: initial sampleStatic PE information: section name: UPX1
                            Source: initial sampleStatic PE information: section name: UPX0
                            Source: initial sampleStatic PE information: section name: UPX1
                            Source: initial sampleStatic PE information: section name: UPX0
                            Source: initial sampleStatic PE information: section name: UPX1

                            Persistence and Installation Behavior

                            Source: Yara match File source: 21.2.DesktopLayer.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 31.2.loaddll32Srv.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 36.2.DesktopLayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 31.2.loaddll32Srv.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 41.2.DesktopLayer.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 36.2.DesktopLayer.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 40.2.rundll32Srv.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 40.2.rundll32Srv.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 36.2.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.DesktopLayer.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.rundll32Srv.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.DesktopLayer.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.2.rundll32Srv.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 40.2.rundll32Srv.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.rundll32Srv.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 31.2.loaddll32Srv.exe.404031.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.DesktopLayer.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 41.2.DesktopLayer.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.2.rundll32Srv.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 41.2.DesktopLayer.exe.404031.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 5.2.rundll32Srv.exe.400000.1.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 21.2.DesktopLayer.exe.400000.1.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 7.2.DesktopLayer.exe.400000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 19.2.rundll32Srv.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara match File source: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara match File source: 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara match File source: 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara match File source: 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara match File source: 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp, type: MEMORY
                            Source: Yara match File source: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara match File source: 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp, type: MEMORY
                            Source: Yara match File source: 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: rundll32Srv.exe PID: 6760, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: DesktopLayer.exe PID: 5764, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: rundll32Srv.exe PID: 7544, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: DesktopLayer.exe PID: 7724, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: loaddll32Srv.exe PID: 8740, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: DesktopLayer.exe PID: 8816, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: rundll32Srv.exe PID: 9176, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: DesktopLayer.exe PID: 9204, type: MEMORYSTR
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Executable created and started: C:\Windows\SysWOW64\loaddll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32.exe Executable created and started: C:\Windows\SysWOW64\rundll32Srv.exe
                            Source: C:\Windows\System32\loaddll32.exe File created: C:\Windows\SysWOW64\loaddll32Srv.exe
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe File created: C:\Program Files (x86)\Microsoft\DesktopLayer.exe
                            Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\SysWOW64\rundll32Srv.exe

                            Boot Survival


                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32Srv.exe Code function: 5_2_00401848 GetModuleHandleA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,5_2_00401848
                            Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_7-4316
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_5-4317
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess graph_7-4300
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe Evasive API call chain: RegOpenKey,DecisionNodes,ExitProcess graph_5-4301
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_5-4345
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe Evasive API call chain: GetModuleFileName,DecisionNodes,ExitProcess graph_7-4341
                            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe Code function: 5_2_004011DF FindFirstFileA,FindClose,5_2_004011DF
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe Code function: 7_2_004011DF FindFirstFileA,FindClose,7_2_004011DF
                            Source: C:\Windows\System32\loaddll32.exe Thread delayed: delay time: 120000
                            Source: C:\Windows\SysWOW64\rundll32Srv.exe API call chain: ExitProcess graph end node graph_5-4276
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe API call chain: ExitProcess graph end node graph_7-4418
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe API call chain: ExitProcess graph end node graph_7-4434
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe API call chain: ExitProcess graph end node graph_7-4287
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe API call chain: ExitProcess graph end node graph_7-4377
                            Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe Process information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
                            Source: C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436

                            Stealing of Sensitive Information


                            Remote Access Functionality

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 11 Native API | 1 DLL Side-Loading | 11 Process Injection | 122 Masquerading | OS Credential Dumping | 11 Security Software Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Exploitation for Client Execution | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 21 Obfuscated Files or Information | NTDS | 1 Peripheral Device Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Rundll32 | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Software Packing | Cached Domain Credentials | 2 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
[Behavior graph (image not reproduced): Behavior Graph ID: 1559312, Sample: WSock.dll, Startdate: 20/11/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
WSock.dll | 95% | ReversingLabs | Win32.Worm.Ramnit |
WSock.dll | 100% | Avira | W32/Ramnit.CD |
WSock.dll | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\Microsoft\DesktopLayer.exe | 100% | Avira | TR/Crypt.XPACK.AB.1 |
C:\Program Files (x86)\Microsoft\DesktopLayer.exe | 100% | Joe Sandbox ML | |
C:\Program Files (x86)\Microsoft\DesktopLayer.exe | 100% | ReversingLabs | Win32.Trojan.Zeus |
C:\Windows\SysWOW64\loaddll32Srv.exe | 100% | ReversingLabs | Win32.Trojan.Zeus |
C:\Windows\SysWOW64\rundll32Srv.exe | 100% | ReversingLabs | Win32.Trojan.Zeus |

No Antivirus matches
No Antivirus matches
Name | Malicious | Antivirus Detection | Reputation
https://code.jquery.com/jquery-3.6.3.min.js | false | | high
                                                                                          high
                                                                                          http://busca.igbusca.com.br//app/static/images/favicon.icoiexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F79966000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://www.forbes.com/sites/maryroeloffs/2024/10/04/menendez-brothers-case-gets-new-legal-review-asme[1].json.43.drfalse
                                                                                              high
                                                                                              http://www.ya.com/favicon.icoiexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.etmall.com.tw/favicon.icoiexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://it.search.dada.net/favicon.icoiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://search.ebay.com/favicon.icoNiexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://search.hanafos.com/favicon.icoiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://cgi.search.biglobe.ne.jp/favicon.icoiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://www.google.de/7iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://www.msn.com/favicon.icopiexplore.exe, 00000008.00000003.2358877639.0000029F7B33B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507539629.0000029F7B33B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://search.msn.co.jp/results.aspx?q=iexplore.exe, 00000008.00000003.1336650174.0000029F79976000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://buscar.ozu.es/iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://search.live.com/results.aspx?FORM=SOLTDF&q=iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507174419.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79976000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.google.it/iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://search.auction.co.kr/iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://search.auction.co.kr/Siexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://www.amazon.de/iexplore.exe, 00000008.00000002.2506998087.0000029F79960000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336727565.0000029F7995F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.google.com/igiexplore.exe, 00000008.00000002.2511530953.0000029F7E3D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://sads.myspace.com/iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://list.taobao.com/browse/search_visual.htm?n=15&q=iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.pchome.com.tw/favicon.icoiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://browse.guardian.co.uk/favicon.icoiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://google.pchome.com.tw/iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://www.rambler.ru/favicon.icoiexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://uk.search.yahoo.com/iexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79992000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://search.lycos.com/favicon.ico/iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          http://www.ozu.es/favicon.icoiexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.univision.com/favicon.icoQiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://openimage.interpark.com/interpark.icoiexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://search.yahoo.co.jp/favicon.icoiexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://www.gmarket.co.kr/iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79976000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://search.nifty.com/iexplore.exe, 00000008.00000003.2358660717.0000029F7940D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://www.google.si/iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336893010.0000029F7996D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507124984.0000029F7996E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.ask.com/~iexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://www.soso.com/iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://apnews.com/article/oregon-ducks-big-ten-championship-956ad70b1eb06468e8e893412eb8e5b5me[1].json.43.drfalse
                                                                                                                                                              high
                                                                                                                                                              http://esearch.rakuten.co.jp/S4Diexplore.exe, 00000008.00000003.1336847015.0000029F79988000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336763305.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336559574.0000029F7997C000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336911159.0000029F7998D000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507226186.0000029F79997000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336650174.0000029F79983000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336936658.0000029F79994000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://www.rakuten.co.jp/favicon.icoAiexplore.exe, 00000008.00000003.1336619210.0000029F79967000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336706389.0000029F7996A000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000003.1336814174.0000029F7996B000.00000004.00000020.00020000.00000000.sdmp, iexplore.exe, 00000008.00000002.2507077602.0000029F7996B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                high
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1559312
Start date and time: 2024-11-20 12:15:21 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 50
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
                                                                                                                                                                                                                            Sample name:WSock.dll
                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                            Classification:mal100.troj.evad.winDLL@97/292@17/8
                                                                                                                                                                                                                            EGA Information:
                                                                                                                                                                                                                            • Successful, ratio: 100%
                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                            • Successful, ratio: 94%
                                                                                                                                                                                                                            • Number of executed functions: 93
                                                                                                                                                                                                                            • Number of non-executed functions: 18
                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                            • Found application associated with file extension: .dll
                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtSetValueKey calls found.
• Report size getting too big, too many NtWriteVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: WSock.dll
Time | Type | Description
06:16:25 | API Interceptor | 1x Sleep call for process: loaddll32.exe modified
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                    • 18.245.60.53
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 13.32.110.104
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 13.32.99.21
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousAmadey, Cryptbot, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 13.32.99.21
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 18.245.60.53
                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                    • 18.244.18.27
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                    6271f898ce5be7dd52b0fc260d0662b3AaronGiles(1).exeGet hashmaliciousPureCrypterBrowse
                                                                                                                                                                                                                                                                    • 151.101.194.137
                                                                                                                                                                                                                                                                    • 18.244.18.38
                                                                                                                                                                                                                                                                    • 151.101.129.108
                                                                                                                                                                                                                                                                    PO-000041492.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 151.101.194.137
                                                                                                                                                                                                                                                                    • 18.244.18.38
                                                                                                                                                                                                                                                                    • 151.101.129.108
                                                                                                                                                                                                                                                                    Credit_DetailsCBS24312017915.xla.xlsxGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 151.101.194.137
                                                                                                                                                                                                                                                                    • 18.244.18.38
                                                                                                                                                                                                                                                                    • 151.101.129.108
                                                                                                                                                                                                                                                                    nested-phish_alert_sp2_2.0.0.0.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                    • 151.101.194.137
                                                                                                                                                                                                                                                                    • 18.244.18.38
                                                                                                                                                                                                                                                                    • 151.101.129.108
https://brand.site/896562718995127961820892 | Get hash | malicious | HTMLPhisher | Browse
• 151.101.194.137
• 18.244.18.38
• 151.101.129.108
EIR5pTRn9R.exe | Get hash | malicious | DragonForce | Browse
• 151.101.194.137
• 18.244.18.38
• 151.101.129.108
NoteID [4962398] _Secure_Document_Mrettinger-46568.docx | Get hash | malicious | HTMLPhisher | Browse
• 151.101.194.137
• 18.244.18.38
• 151.101.129.108
phish_alert_sp1_1.0.0.0(1).eml | Get hash | malicious | KnowBe4 | Browse
• 151.101.194.137
• 18.244.18.38
• 151.101.129.108
REMITTANCE_Confrimationsslip54342Bqlaw.html | Get hash | malicious | Unknown | Browse
• 151.101.194.137
• 18.244.18.38
• 151.101.129.108
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Program Files (x86)\Microsoft\DesktopLayer.exe | exe004(1).exe | Get hash | malicious | Ramnit | Browse |
 | SecuriteInfo.com.Win32.Evo-gen.32510.30631.exe | Get hash | malicious | GhostRat, Nitol, Ramnit | Browse |
 | ExeFile (54).exe | Get hash | malicious | Ramnit | Browse |
 | LisectAVT_2403002B_404.dll | Get hash | malicious | Ramnit | Browse |
 | LisectAVT_2403002B_404.dll | Get hash | malicious | Ramnit | Browse |
 | LisectAVT_2403002C_110.dll | Get hash | malicious | Ramnit | Browse |
 | LisectAVT_2403002C_110.dll | Get hash | malicious | Ramnit | Browse |
 | LisectAVT_2403002C_124.exe | Get hash | malicious | Bdaejec, Ramnit | Browse |
 | LisectAVT_2403002B_368.dll | Get hash | malicious | Ramnit | Browse |
 | LisectAVT_2403002B_281.dll | Get hash | malicious | Ramnit | Browse |
                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32Srv.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):56320
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.885141518979198
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY
                                                                                                                                                                                                                                                                                        MD5:FF5E1F27193CE51EEC318714EF038BEF
                                                                                                                                                                                                                                                                                        SHA1:B4FA74A6F4DAB3A7BA702B6C8C129F889DB32CA6
                                                                                                                                                                                                                                                                                        SHA-256:FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
                                                                                                                                                                                                                                                                                        SHA-512:C9D654EAD35F40EEA484A3DC5B5D0A44294B9E7B41A9BACDAFDD463D3DE9DAA2A43237A5F113F6A9C8EA5E1366823FD3D83DA18CD8197AA69A55E9F345512A7A
                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                                        • Rule: MAL_Ramnit_May19_1, Description: Detects Ramnit malware, Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Author: Florian Roth
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                                                                                        • Filename: exe004(1).exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: SecuriteInfo.com.Win32.Evo-gen.32510.30631.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: ExeFile (54).exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002B_404.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002B_404.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002C_110.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002C_110.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002C_124.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002B_368.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        • Filename: LisectAVT_2403002B_281.dll, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4286
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8046022951415335
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                                                                                                                                        MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                                                                                                                                        SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                                                                                                                                        SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                                                                                                                                        SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):57703
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.1042058280418585
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yOkPGWv/sxtw0j7VLyMV/YoskFoz:z/0+zI7yOwv/4KWVeZoskG
                                                                                                                                                                                                                                                                                        MD5:141F6351BA40AD7B0C633BF1D2651308
                                                                                                                                                                                                                                                                                        SHA1:2A167CF15609AF27FCEB71B0AC53DEE981F8D4CF
                                                                                                                                                                                                                                                                                        SHA-256:2867B206047E30901BC84ED5652826D602AD6F8B7BC72606A98CDA5E9440E3B4
                                                                                                                                                                                                                                                                                        SHA-512:2FAA32EE775F449A0BCCE227170C0B0B509F1CD03825CF70BAA2C9011BAF57B2D79D6684C8FA6F07A43C15375700776B3D797F77E5E22F08D9577F3CF46C44B7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):45071
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.085747878312279
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:OMkbJrT8IeQcrQgx8EKKGf4JhtgRlbfnFQh7YEnn6CioC7DRo+yM/42cRaLMos7Z:OMk1rT8HRZt0Y1n6FoC7VLyMV/Yost
                                                                                                                                                                                                                                                                                        MD5:D2E8BFC57FC650FAD47AE1B4AA926B36
                                                                                                                                                                                                                                                                                        SHA1:86AE4F5237EB59B195A6FF990C2DA30D3C8624EA
                                                                                                                                                                                                                                                                                        SHA-256:5EA62265122A8781F3D9409F0E661C5B11699CF585152B920958BC82E37C0DBB
                                                                                                                                                                                                                                                                                        SHA-512:E334541327D647E80BFDCA760139F9DAB32473A8F4FB86F1EF38BAA7FD59D4EC2C98B8608DD4A1AEC9948FEFBCC988849AF54F46C6AF7A8257FB8931771AEAAA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):45071
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.085749117790156
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:OMkbJrT8IeQcrQgxNEKKGf4JhtgRlbfnFQh7YEnn6CioC7DRo+yM/42cRaLMos7Z:OMk1rT8HRGt0Y1n6FoC7VLyMV/Yost
                                                                                                                                                                                                                                                                                        MD5:ED4E1D55854D7D8908DCD123AA230002
                                                                                                                                                                                                                                                                                        SHA1:FB02F10D0AA82EA63AFC36D4FB78072E45643B56
                                                                                                                                                                                                                                                                                        SHA-256:3F96CB00E309D27573E03F2A48F162D865E725BDAC16E85EC935F089AFE23623
                                                                                                                                                                                                                                                                                        SHA-512:237C70DA9E2EFE909BCFDDECC05131D8C047D9FCE74B1007FFF50551BFE79F043D2536289170F313B2F3E905D434F035D9D540F3F2253C8CFB99C9BFDA8FDB99
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                        Size (bytes):57631
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.103710041967124
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynjPGWv/sxtwRj7VLyMV/YoskFoz:z/0+zI7ynbv/4KxVeZoskG
                                                                                                                                                                                                                                                                                        MD5:688DE99CCDD0494BC68AA90F398A59C3
                                                                                                                                                                                                                                                                                        SHA1:CAECC88053BF6EE8BA62FBF00C3F0D7164BC2A4A
                                                                                                                                                                                                                                                                                        SHA-256:117973A413A3C7B1F79C49D3B9A729D5B9B9E2BE98447F09B50FE3751FB97241
                                                                                                                                                                                                                                                                                        SHA-512:D7CE1C2D0DA0338CF9612337B93C9493E35CD09F2C5C8B710474D99F78E5828E89E3652A7046D4915FCBF45BCD3F73003E9D16CE8E3C381BBE11A2C57F8348D0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):59327
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.098931547031225
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:OMk1rT8HRNPGWv/sxtw2t0o1n6FoC7VLyMV/Yost:OMYrT8xtv/4K2t0osfVeZost
                                                                                                                                                                                                                                                                                        MD5:625E225BFE1478377C0B69C5B98327DC
                                                                                                                                                                                                                                                                                        SHA1:217BBFB5FEE260CE59299BA51E2386FBE44B92F9
                                                                                                                                                                                                                                                                                        SHA-256:795247C41E83DA7ACE9C7D43FB3F212AAC2DD55849C4B48BD8E4623609A94BB7
                                                                                                                                                                                                                                                                                        SHA-512:FF32F0D9820D9E374CE3EE257B039D26350E75F5D41BD5867219DA81AC4FD0281E37FB39C2517B2C9E523B6AF5204BED36AECA33CA5BBC82F230F9E0006C4F5D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                                                        MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                                                        SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                                                        SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                                                        SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):107893
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.64013246649014
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P78:fwUQC5VwBIiElEd2K57P78
                                                                                                                                                                                                                                                                                        MD5:10101225085294C4AA9050CEF19E599D
                                                                                                                                                                                                                                                                                        SHA1:D1E683B46B7E0B1C4DE538392F7ACB4DF6280404
                                                                                                                                                                                                                                                                                        SHA-256:6F703C25109774C2D844787790FFA45183787FBFA140A5AEAD247638E0987C21
                                                                                                                                                                                                                                                                                        SHA-512:A8C5867A96AD36813905AD2C01D5C18CBB82D3F1F91DFCE64E48D60EED226F1F16DBD5F3B8FC9DF065D0C641A3245EC6E59556EE4B2C219852B0C43584D334F4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3::
                                                                                                                                                                                                                                                                                        MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                                                                                                                                                                                        SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                                                                                                                                                                                        SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                                                                                                                                                                                        SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.04767994084133929
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:j580m5tm9hnOAU5YCXJPi6VBKP7+G1gsXSCI75kvjBzhc5N9Mf+RQ9abEVpEhn8H:180UtYhQXMqNahMimSpo08T2RGOD
                                                                                                                                                                                                                                                                                        MD5:298E7AD8D6B3045686A4A26CC2422780
                                                                                                                                                                                                                                                                                        SHA1:6252A3AC539F9B662DCEDA9524DE3DA8D823D0E0
                                                                                                                                                                                                                                                                                        SHA-256:2A2D4067E669B7082C36324BA8E3AB91F7E7EB193CD47B62FD6ED51C289E91F6
                                                                                                                                                                                                                                                                                        SHA-512:2857A1C9E418EC4082DB24F88B499D8CC6432A4FFFEBD7874F8682EE2328CDFD3AE59B737065579D921112CD5624099752A452C696A82D073F6BB323500151B2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@............... k...Z..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".riagan20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@...............................0...w..U...&..`v.>.........."....."...24.."."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z....l....'@..$...SF@.......Y@.......4@.......Y@........?........?.........................Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......4@.......Y@................Y@.......Y@.......Y@........?........?2..........I...... .`2.........
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4194304
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.3619942670677854
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:pbrXLF0C/jqZMzO5ut9MVhnajdbJSRg4Gw43FfqvRp4gVMtff4iQaaJKqDdy86DI:Zp0WGajjSRgPCdy8PaHWUzg1L
                                                                                                                                                                                                                                                                                        MD5:3B426403A4D2245A82C47AAE20389D34
                                                                                                                                                                                                                                                                                        SHA1:767DD6BD049254F4BA78F3437EC599628F3E795C
                                                                                                                                                                                                                                                                                        SHA-256:4B8F091DB69748EC69046E326597BD44D69A8B73097697F9165DE38122399E2B
                                                                                                                                                                                                                                                                                        SHA-512:8712B53B00013692C2099A567780A49DD26CA76FF639CDD82F989873AA1F63CD286CF47DF0245EB76D6F3DBB507AC6FAFE91701B7E372026BD2FF499061095FF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:...@..@...@.....C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452....x86_64..?.......".riagan20,1(.0..8..B....(.....10.0.19041.5462.Google Inc. (Google):bANGLE (Google, Vulkan 1.3.0 (SwiftShader Device (Subzero) (0x0000C0DE)), SwiftShader driver-5.0.0)M..BU..Be...?j...GenuineIntel... .. ..............x86_64...J../T...^o..J...Y...^o..J..w....^o..J..A....^o..J..1H...^o..J....c..^o..J...c=..^o..J....J..^o..J..3.(..^o..J.......^o..J...b.J.^o..J...#...^o..J....k..^o..J..?....^o..J..S..O.^o..J..l.zL.^o..J..@."..^o..J..?U...^o..J..!..h.^o..J..z{...^o..J..n....^o..J..0....^o..J....%.^o..J...I.r.^o..J.......^o..J..ZK...^o..J.....^o..J.......^o..J...'x#.^o..J......^o..J....\.^o..J.......^o.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):280
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.16517681506792
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:FiWWltlrPYjpVjP9M4UcLH3RvwAH/llwBVP/Sh/Jzv/jSIHmsdJEU9VUn5lt:o1rPWVjWZq3RvtNlwBVsJDL7b/3U7
                                                                                                                                                                                                                                                                                        MD5:C847567DEE0317368C1EC824DE025887
                                                                                                                                                                                                                                                                                        SHA1:554098F22FEA9282FE1AAB35560849CD6FF546B1
                                                                                                                                                                                                                                                                                        SHA-256:3CF2B1CBE4F4CCFC640BCF581FD4D9FC84254D2B3839C96EA4909B61AAF28932
                                                                                                                                                                                                                                                                                        SHA-512:A976744405F6ABEBFB7513A3A6A776680334BB94A9E52AEEFE2B05259BCB3CF9781B1CCDA3655D8AA4C1E923143168F29EF3208F81ABCB93AFF5215ED3798219
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:sdPC.....................!...W.F....+F."xDkc0HT9c2ekfj/3J+6x4yELW+Knys1OtBnWqRtJUmw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................8889edf7-b09d-4a45-9ea5-adabbfd01bb9............
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):30244
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.5669869077853384
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:iW9ud57pLGLPGXWPJtfvH8F1+UoAYDCx9Tuqh0VfUC9xbog/OVePEO68DrwK4pQV:iW9udPcPGXWPJtfvHu1jafPEL84Ut3
                                                                                                                                                                                                                                                                                        MD5:5EA474BAE6894CCDD02F09D2D59FDAB9
                                                                                                                                                                                                                                                                                        SHA1:5512D3A2D4A6B937466658F10E048364B66C6AED
                                                                                                                                                                                                                                                                                        SHA-256:655D51F4FD543A8390F5A19A98E3068F35448D8836DB7AEE5BB56E6F1660C155
                                                                                                                                                                                                                                                                                        SHA-512:6E93BB780FB15BA25A22699190B598ECB8DFEBA8F3EE543F2C836F29E506338B883CEF403CE38FBAD154477D4206CAA82CD87A86F662636E784EA5CD7CDD4328
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376574979762809","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376574979762809","location":5,"ma
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8102
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.217192444489239
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:st5QsNdWNmaNPrp9xdQQkOsY8bV+FiATS+PLMJ:st5QsNdWN5JrXxEbGiHZ
                                                                                                                                                                                                                                                                                        MD5:A12E1BFDC8BFB102C6FAC2E5A633F405
                                                                                                                                                                                                                                                                                        SHA1:F91A6048E9C1BBDC78283E032322E30FFBCD6618
                                                                                                                                                                                                                                                                                        SHA-256:97FAD0092F6B88C4754A591888A6D9E7E9EAA86A513E3F4C2F31C46140D07BB4
                                                                                                                                                                                                                                                                                        SHA-512:B56644667E6218C4D11F579EF95A399A9E45A70A8C87C95225E5BB2FD22D5344B8EEFBCB9E63DDC3E6D535E669168D81738FD309E5896F0FF8BEF7787391EBFE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376574980226080","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13376574980227306"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):25012
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.56828410211618
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:iW9u5XWPJtf0H8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3O68DrwK7pQtuB:iW9u5XWPJtf0Hu1jaeL84RtC
                                                                                                                                                                                                                                                                                        MD5:E221BD2C4050000C31DDED7FB300F607
                                                                                                                                                                                                                                                                                        SHA1:3A3272A6CD19BDEF675991FD92BD715551D9D7E6
                                                                                                                                                                                                                                                                                        SHA-256:551DB4EB0688A56F3CE1B69405A56EFCC2086564F45D3F457C19FB322AC1CDF2
                                                                                                                                                                                                                                                                                        SHA-512:5D457E07E7F8C6EFE2A30094638F62DB0D58FE9358533058CECEEC984B8B811F993DCF255DAADDBA4219A8ACB015B9D110EBA74AACD04D72A1B4BA34ACE046F7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376574979762809","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376574979762809","location":5,"ma
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8102
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.21694032048814
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:st5QsNdWNmaNPrp9xdQQkOsY8bV+FiApS+PLMJ:st5QsNdWN5JrXxEbGiVZ
                                                                                                                                                                                                                                                                                        MD5:0CB2D511A7C7F161370EB7F214574CB7
                                                                                                                                                                                                                                                                                        SHA1:028464EC970321E5D33506A73CCF504EB775316D
                                                                                                                                                                                                                                                                                        SHA-256:5260A330BBFDA2E386CF82841F753900A3AAA0083F2A4D921A7C9BC959BA435E
                                                                                                                                                                                                                                                                                        SHA-512:E63A9DFB58604882753D043C327D128D4C8994535802430AA00D247544EF2F5C9F50F5C23D3534FCAD788D3444A1E7270EE8F04C21924F34D2E17E737E3E646E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376574980226080","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13376574980227306"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                        Size (bytes):12889
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.3804703347324345
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:MeA7NzzQdTCu960h80CZrOCVyQbrrPI3lqLmCcWMAS:jA7Z+60h80CZayrPI3lqSCcWvS
                                                                                                                                                                                                                                                                                        MD5:68222FE77EB9F8917130D33C3B94C201
                                                                                                                                                                                                                                                                                        SHA1:030713651FD1797ADE80F65673D49DF3D7497528
                                                                                                                                                                                                                                                                                        SHA-256:80C893F06B549016C903F97AEDBA20F537C9EE5C81A11678DF257824F512B2CD
                                                                                                                                                                                                                                                                                        SHA-512:C7964B1C20998456B45D4B71911D24FBD2A43DB0878B6EDA27C12998383ABB23146D337320DAD1FB8DEC45FCB68C87D167FC776CFBF66BB96376D3B8A43D47B9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:...m.................DB_VERSION.1.....................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340965219355520.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.123776268745949
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2xC+q2PcNwi23oH+Tcwt9Eh1tIFUt8Y2LXWZmw+Y2mvyNVkwOcNwi23oH+TcwtY:wTvLZYeb9Eh16FUt8o/+/54ZYeb9Eh1H
                                                                                                                                                                                                                                                                                        MD5:B0A01CFF0BD67D22EBF8E5C633D7EB32
                                                                                                                                                                                                                                                                                        SHA1:0B385A11844C0CDE77A05861E3598C7490A7E688
                                                                                                                                                                                                                                                                                        SHA-256:B0543C1F1C3C4BE66C4AAA90D1EDFB47A9FEB74CFB07FD310D3486EF4A2BB232
                                                                                                                                                                                                                                                                                        SHA-512:B2CB89B6537A970230D68BF2823CDC5C2445CD698EA2E9D51CD84675EF2ABB24908E1AEEBC6ADEEA5015473EADB2B118861E8A5ECCAB4DD9DCBEC0B02386F911
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:30.714 21f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/20-06:16:30.716 21f8 Recovering log #3.2024/11/20-06:16:30.720 21f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.123776268745949
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2xC+q2PcNwi23oH+Tcwt9Eh1tIFUt8Y2LXWZmw+Y2mvyNVkwOcNwi23oH+TcwtY:wTvLZYeb9Eh16FUt8o/+/54ZYeb9Eh1H
                                                                                                                                                                                                                                                                                        MD5:B0A01CFF0BD67D22EBF8E5C633D7EB32
                                                                                                                                                                                                                                                                                        SHA1:0B385A11844C0CDE77A05861E3598C7490A7E688
                                                                                                                                                                                                                                                                                        SHA-256:B0543C1F1C3C4BE66C4AAA90D1EDFB47A9FEB74CFB07FD310D3486EF4A2BB232
                                                                                                                                                                                                                                                                                        SHA-512:B2CB89B6537A970230D68BF2823CDC5C2445CD698EA2E9D51CD84675EF2ABB24908E1AEEBC6ADEEA5015473EADB2B118861E8A5ECCAB4DD9DCBEC0B02386F911
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:30.714 21f8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/11/20-06:16:30.716 21f8 Recovering log #3.2024/11/20-06:16:30.720 21f8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):354
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.189092290193499
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2ImVOq2PcNwi23oH+TcwtnG2tMsIFUt8Y2ImVXZmw+Y2ImVFkwOcNwi23oH+Tci:bmAvLZYebn9GFUt8ymh/+ym754ZYebnB
                                                                                                                                                                                                                                                                                        MD5:29BCFCC580DABEA32911C7625A8D363F
                                                                                                                                                                                                                                                                                        SHA1:F6C57399D0EB5C18D13F55DA9320C30882ACA149
                                                                                                                                                                                                                                                                                        SHA-256:D1EF156259D81B2755E3B46FA9C077C40D18584C06F06907CD3955514B8E55DE
                                                                                                                                                                                                                                                                                        SHA-512:0A2E0A04DE026B0D7410D90772472575C09F23DED8AE9794B6294F831EC4E059E03E067BEC885F02892E05E0C188C0B7614BA649B6CA311B043E6B68D3B04900
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:19.764 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/11/20-06:16:19.764 1ef0 Recovering log #3.2024/11/20-06:16:19.764 1ef0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):418
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                                                        MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                                                        SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                                                        SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                                                        SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.150331071675107
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2NPq2PcNwi23oH+Tcwt8aPrqIFUt8Y2PZmw+Y2AkwOcNwi23oH+Tcwt8amLJ:cvLZYebL3FUt8V/+y54ZYebQJ
                                                                                                                                                                                                                                                                                        MD5:F86F9B3A02C3BA84A06408BA9E0D02FD
                                                                                                                                                                                                                                                                                        SHA1:8742A9A73F0A2E7024A643CD4266DB6AD2FFD12D
                                                                                                                                                                                                                                                                                        SHA-256:DDF30773ECADA7BF30C4E5B8CAA7132110B52F68EDC46FDBF6A077518E88AFFF
                                                                                                                                                                                                                                                                                        SHA-512:4273A26D0DECEF84560098C9F79AFE18C882B8DB2A6E2B7640F72C8FA67F3EE60E0604A6CD801B4EDF2D733ABFBF77698CE12790472C06E6AF6969C569E0E804
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:19.769 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/11/20-06:16:19.801 1ef0 Recovering log #3.2024/11/20-06:16:19.804 1ef0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):334
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1544452600176145
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2ePkq2PcNwi23oH+Tcwt865IFUt8Y2ePFZmw+Y2ePXkwOcNwi23oH+Tcwt86+Ud:ivLZYeb/WFUt8w/+454ZYeb/+SJ
                                                                                                                                                                                                                                                                                        MD5:9950342B8DE82551275B2694334955A9
                                                                                                                                                                                                                                                                                        SHA1:9989183937582FF88B607093F213AFD46D7D4EC3
                                                                                                                                                                                                                                                                                        SHA-256:2A75947A3B92B82EB462CADA1373BBA986CBB5B43B87810E856D3DE704EF1A10
                                                                                                                                                                                                                                                                                        SHA-512:F57ED0CE0E348E3A7F9A1B6ED4FE7C0E970232D882B3C8D3FD8E2FA6ED9C02FDDD7B6C31DFECBEB781D32F1E4A9818E71B4C395DB374A53D754B361DA6532F8B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:19.819 1ef0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/11/20-06:16:19.819 1ef0 Recovering log #3.2024/11/20-06:16:19.819 1ef0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1254
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                                                        MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                                                        SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                                                        SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                                                        SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.139145097197378
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2+hylyq2PcNwi23oH+Tcwt8NIFUt8Y2+hyz1Zmw+Y2+hOFgRkwOcNwi23oH+TcN:nhylyvLZYebpFUt88hyZ/+8hFR54ZYey
                                                                                                                                                                                                                                                                                        MD5:08124FFAB245B009D9497A72B0B0DE24
                                                                                                                                                                                                                                                                                        SHA1:920591BF3007F9C15D6BB6CA78462EC62B33927B
                                                                                                                                                                                                                                                                                        SHA-256:3C89CB962194A89EF654A101366842DE7B6E5BA375C4C53EB648282093835EE3
                                                                                                                                                                                                                                                                                        SHA-512:A1B9215D888B1200BAE3BFEA9A885E28101DD5F1E0E179C67F777FD63370EDE1FC6CA7CDF6087505283655212FDA59D1F388035641673522AE613354E2229EFD
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:20.288 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/11/20-06:16:20.288 1e70 Recovering log #3.2024/11/20-06:16:20.289 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):429
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                                                        MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                                                        SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                                                        SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                                                        SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8720
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:S4DntFlljq7A/mhWJFuQ3yy7IOWUTDQ/dweytllrE9SFcTp4AGbNCV9RUIa:S775fO5DQ/d0Xi99pEYY
                                                                                                                                                                                                                                                                                        MD5:9D9B341CE116B1AA41774EBEA8A53DE5
                                                                                                                                                                                                                                                                                        SHA1:98DE8A0CC2644B884AE2668B83A171EF475D6A30
                                                                                                                                                                                                                                                                                        SHA-256:6ED3EEB28B62A0A599B48601E5C8CF0BF93F7F2F994FF8C2BE51F3E0FA2AD73E
                                                                                                                                                                                                                                                                                        SHA-512:CD9ED31BE942CE5A2F7B1E9E8CDEB7639293423504DE00371D052CED0A80D18EED7C020899EB1C374AB7AA3FBDF962AE4834ED987E6F93783492A58369B4DB05
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):414
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.263546767348496
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:n3lyvLZYeb8rcHEZrELFUt88f+/+8fGR54ZYeb8rcHEZrEZSJ:36lYeb8nZrExg86a8oYeb8nZrEZe
                                                                                                                                                                                                                                                                                        MD5:CAF1C5D47DEBCD5937B85F0C7BE5F5B9
                                                                                                                                                                                                                                                                                        SHA1:9CA7B61989518B53CF7129FEC4CAC3FA501D5258
                                                                                                                                                                                                                                                                                        SHA-256:A4ABEB478E98C191135D0F3E6EEF6DAF0337E1A3D58B2421A981CAF85A8A42F2
                                                                                                                                                                                                                                                                                        SHA-512:705EB91AE917EC0C28DD3157003A3A9FC303B1B345A290E2E27E5F2870D447FD9D7A10158F92D56F850748DD776D793E69A41A56A39D02852943BBC2110FB923
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:22.348 1e70 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/11/20-06:16:22.349 1e70 Recovering log #3.2024/11/20-06:16:22.349 1e70 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):342
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.1700994286651065
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2+hQXHUr3+q2PcNwi23oH+Tcwt8a2jMGIFUt8Y2+hQa4Zmw+Y2+hQd9VkwOcNwe:nhCnvLZYeb8EFUt88hB4/+8hG54ZYebw
                                                                                                                                                                                                                                                                                        MD5:A8FA9517216C0D260527966E74E9644F
                                                                                                                                                                                                                                                                                        SHA1:1136BCFB2AED4FF5568F19AE0DA04DAB4AA026CD
                                                                                                                                                                                                                                                                                        SHA-256:CA64A314C368DB414BD9A0919E920B28368F7E751F2D74CE6A26B190C76217EA
                                                                                                                                                                                                                                                                                        SHA-512:D41C2C693827CDD23141B95F2B5AA3F1ABAC3D0C916A20DCEB891347ADC32CF26C261812BABD9CBBD2748B528C8DCB1DAEF5E78D2A364974692FCA44EEE7E1F4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:20.528 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/11/20-06:16:20.538 1f88 Recovering log #3.2024/11/20-06:16:20.585 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                        Size (bytes):1500
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.312303946572949
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:YcCp/WwC5mWw6ma3yeesw6C1EFGJ/I3RdsYZVMdmRdszZFRudFGRw6maPsQYhbS6:YcCpfC0leeBagCzsotsdfc7khYhbyD0
                                                                                                                                                                                                                                                                                        MD5:B8A8A686CB94B804F327848D749CD7EA
                                                                                                                                                                                                                                                                                        SHA1:F8CA9C892E0DE98BEDBE7CCA792F0B35947CD24A
                                                                                                                                                                                                                                                                                        SHA-256:CC5A7D20AEAD69397AD3865826B27FE9CE2C4A242E005D86FC09D6997785D31C
                                                                                                                                                                                                                                                                                        SHA-512:ED9047C13A438F1979C4EB9519CD9B47188CD4F0C595AF74EB3318B7CD6C9211B9D42EA12F96137FE91FA183F8113A107BF0D060B9648F9596F59EA6B29BE59D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL2F6dXJlZWRnZS5uZXQAAAA=",false],"server":"https://edgeassetservice.azureedge.net","supports_spdy":true},{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13379166983192365","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"adve
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1618
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.302994819295006
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:YcCpWsduCvsafc7leeBRsygCgkhYhbyD0:F2vu22keBxukOhn
                                                                                                                                                                                                                                                                                        MD5:90B46E2386024DB7264E402160E5F3B4
                                                                                                                                                                                                                                                                                        SHA1:3B2E2F784405DFE32CFE038FAF9F0121224877BB
                                                                                                                                                                                                                                                                                        SHA-256:C56B810798569D26A6B771B8DED39C12F26FAC419F019BC878C6B001FBFA501D
                                                                                                                                                                                                                                                                                        SHA-512:FA97B24F01A6378FA4A2B3875E9694AC90F0C469E14675FE657DB2F6728C9C9A5D665766F97FE72F533AA89E38C0F0B700C364B85C75867AB6F0083EDD05B186
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["FAAAAA4AAABodHRwOi8vbXNuLmNvbQAA",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218151956","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"anonymization":["FAAAAA8AAABodHRwczovL21zbi5jb20A",false],"server":"https://assets.msn.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343557218812706","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwc
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7509
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.093333945537912
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:st5qKQs10bDsTdWNmXKaCvlPm8zOsY5eh6Cb7/x+6MhmuecmAeipDS+2ML/EJ:st5QsNdWNmaNPmkOsY8bV+FiATS+PLMJ
                                                                                                                                                                                                                                                                                        MD5:9FA8A40F996AD086100B3B90FDA8AD88
                                                                                                                                                                                                                                                                                        SHA1:29DF72C5E04576E0B3BD64F9FB831C8364B3F90D
                                                                                                                                                                                                                                                                                        SHA-256:E09BB5861CA1A3EFCB33EB7C788FF1519574F9E3A6A4C20A5F74AC8F8FDA86E6
                                                                                                                                                                                                                                                                                        SHA-512:0B4CF7F8F7A6B2AE15A7507075AF13A3F84031845EE153F409F220AB22C448241F8D218C931AE78EFA08871F32D919ABCAA94D838C8FC74B4EBD9E1929A1007E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376574980226080","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13376574980227306"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):25012
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.56828410211618
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:iW9u5XWPJtf0H8F1+UoAYDCx9Tuqh0VfUC9xbog/OV3O68DrwK7pQtuB:iW9u5XWPJtf0Hu1jaeL84RtC
                                                                                                                                                                                                                                                                                        MD5:E221BD2C4050000C31DDED7FB300F607
                                                                                                                                                                                                                                                                                        SHA1:3A3272A6CD19BDEF675991FD92BD715551D9D7E6
                                                                                                                                                                                                                                                                                        SHA-256:551DB4EB0688A56F3CE1B69405A56EFCC2086564F45D3F457C19FB322AC1CDF2
                                                                                                                                                                                                                                                                                        SHA-512:5D457E07E7F8C6EFE2A30094638F62DB0D58FE9358533058CECEEC984B8B811F993DCF255DAADDBA4219A8ACB015B9D110EBA74AACD04D72A1B4BA34ACE046F7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13376574979762809","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13376574979762809","location":5,"ma
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):194
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.8096948641228403
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:S8ltHlS+QUl1ASEGhTFljljljljljljljl:S85aEFljljljljljljljl
                                                                                                                                                                                                                                                                                        MD5:D7D9437445AA960DCEA52FFE772822DC
                                                                                                                                                                                                                                                                                        SHA1:C2BBF4AC0732D905D998C4F645FD60F95A675D02
                                                                                                                                                                                                                                                                                        SHA-256:4FF49903BEC1197017A35995D5C5FC703CAF9D496467345D783F754B723D21C1
                                                                                                                                                                                                                                                                                        SHA-512:335EB1BA85670550ED1E1E4E14EA4B5D14F8306125BF147A42DE4DEF5E5F75F14C422B014414030CF30378C04F748AC875CF056ADDA196511A0B057B3598FE9A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f.................&f.................&f.................&f...............
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.145328526599696
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H28VFUL+q2PcNwi23oH+TcwtrQMxIFUt8Y28tZmw+Y2+tVkwOcNwi23oH+Tcwtrb:9MyvLZYebCFUt86t/+U54ZYebtJ
                                                                                                                                                                                                                                                                                        MD5:C11F628A114ADDB88529FB3F71DB78BF
                                                                                                                                                                                                                                                                                        SHA1:193A4DB115CE6FCB29A5DE5ED6EE27CF39082894
                                                                                                                                                                                                                                                                                        SHA-256:2D4F142F52C0E9021185F7D718EFC0425B803A3EFDB771760D41065D3EE90858
                                                                                                                                                                                                                                                                                        SHA-512:0F34153622CDBC0CF00E402AD2C9B8F8A8C5817E623312CC890E7FECF2AED469701BF149C5FB1E091F732AFA87CDCD3876293351FB20A82B74BCB79E35603F87
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:36.900 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/11/20-06:16:36.901 1f88 Recovering log #3.2024/11/20-06:16:36.912 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):358
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.13918439503429
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2y3q2PcNwi23oH+Tcwt7Uh2ghZIFUt8Y21YXZmw+Y21YFkwOcNwi23oH+Tcwt7w:j3vLZYebIhHh2FUt8LYX/+LYF54ZYebs
                                                                                                                                                                                                                                                                                        MD5:55C9479AEACF1C83A97D8EB6355F3180
                                                                                                                                                                                                                                                                                        SHA1:D48122443E83D1E148023D0B2E60A3E3D6DB6984
                                                                                                                                                                                                                                                                                        SHA-256:F55F41BA637DDC1B77BE968C078340C082304B8BA2620E85A2ED82337A25C8FA
                                                                                                                                                                                                                                                                                        SHA-512:7D83D570A4DDF608E09272BDAC47305917093401C41AB826650973E92208E545F0F6C5155257259FBD4C2DE806CD85B52D47F07955D75BE58F1DD656CB970CD7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:19.749 1ee0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/11/20-06:16:19.759 1ee0 Recovering log #3.2024/11/20-06:16:19.759 1ee0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0018016574701054978
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zEZl3Kll/l:/M/xT02zb/l
                                                                                                                                                                                                                                                                                        MD5:293D23F9118341522E4CE5368BE8B29F
                                                                                                                                                                                                                                                                                        SHA1:90307263C1EAA915D297161950EE0DF47E9306CA
                                                                                                                                                                                                                                                                                        SHA-256:60E87E31ADD5E11E40D376E48376C9F83E047A6B10706BC251707A080A550393
                                                                                                                                                                                                                                                                                        SHA-512:11AF4DCFFCADD465E577701DFDD7E161117DDE55E53F1DD12FC7D3A00E83822AB7E25CFCF83FA927F0861DDE91EF2AD42088782DC4B8878963BC7C5F7F40419B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):270336
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                                                        MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                                                        SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                                                        SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                                                        SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):440
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.243172446100578
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:nhUOvLZYebvqBQFUt88hd4/+8hU54ZYebvqBvJ:SMlYebvZg8ooYebvk
                                                                                                                                                                                                                                                                                        MD5:5E86E85BD3353D5CF852A096F62804D5
                                                                                                                                                                                                                                                                                        SHA1:53A4459150D9C9D860DB5A752A74C23CB20FDE8D
                                                                                                                                                                                                                                                                                        SHA-256:F6305A5AAE73CA6F93B6634858F6D5C3B60CD46BA1AA99937C0CCF1FD4B64F2D
                                                                                                                                                                                                                                                                                        SHA-512:CAEF80635DA8E099C4FEA9ECAC4CC3282F88C07638F27E92FE89186C66456930BA9F330AD6C38D67124A59B66A94ED329ED2F9BE44A1C814F3C37D0E15350A8A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:20.594 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/11/20-06:16:20.596 1f88 Recovering log #3.2024/11/20-06:16:20.598 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):111
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                                                        MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                                                        SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                                                        SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                                                        SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):40
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                                                        MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                                                        SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                                                        SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                                                        SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):36864
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                                                        MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                                                        SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                                                        SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                                                        SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                                                        Malicious:false
Preview:SQLite format 3......@ ...
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:H:H
                                                                                                                                                                                                                                                                                        MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                                                        SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                                                        SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                                                        SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[]
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):80
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                                                        MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                                                        SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                                                        SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                                                        SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):428
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.244605814673751
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H20dI+q2PcNwi23oH+TcwtzjqEKj0QMxIFUt8Y2k5Zmw+Y2Q3VkwOcNwi23oH+Tj:1nvLZYebvqBZFUt82/+aF54ZYebvqBaJ
                                                                                                                                                                                                                                                                                        MD5:BC0FA78E778169EC66DDE38E584F485D
                                                                                                                                                                                                                                                                                        SHA1:99F6456D039643857436CE926D8DD436645DA977
                                                                                                                                                                                                                                                                                        SHA-256:BD7D9D2D97A6C74AC251FA30CAAE0A0E6CEB0AAA04352EEFD72FD8297C7C4F0B
                                                                                                                                                                                                                                                                                        SHA-512:688EAF9CECDB4D423AC319AD8115E53316A7C927EDD6113A8C0B669EF4C3BCCC0950781F3F5DE78BC2955FDF7624BA82327A54ECA2B469EC0D27EE9111EA16CB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:36.988 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/20-06:16:36.990 1f88 Recovering log #3.2024/11/20-06:16:36.994 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):428
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.244605814673751
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H20dI+q2PcNwi23oH+TcwtzjqEKj0QMxIFUt8Y2k5Zmw+Y2Q3VkwOcNwi23oH+Tj:1nvLZYebvqBZFUt82/+aF54ZYebvqBaJ
                                                                                                                                                                                                                                                                                        MD5:BC0FA78E778169EC66DDE38E584F485D
                                                                                                                                                                                                                                                                                        SHA1:99F6456D039643857436CE926D8DD436645DA977
                                                                                                                                                                                                                                                                                        SHA-256:BD7D9D2D97A6C74AC251FA30CAAE0A0E6CEB0AAA04352EEFD72FD8297C7C4F0B
                                                                                                                                                                                                                                                                                        SHA-512:688EAF9CECDB4D423AC319AD8115E53316A7C927EDD6113A8C0B669EF4C3BCCC0950781F3F5DE78BC2955FDF7624BA82327A54ECA2B469EC0D27EE9111EA16CB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:36.988 1f88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/11/20-06:16:36.990 1f88 Recovering log #3.2024/11/20-06:16:36.994 1f88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):334
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.196912905929426
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2wL+q2PcNwi23oH+TcwtpIFUt8Y2mKWZmw+Y2wLVkwOcNwi23oH+Tcwta/WLJ:dL+vLZYebmFUt8LW/+aLV54ZYebaUJ
                                                                                                                                                                                                                                                                                        MD5:138D1940E9A36A97DEAA4FE232347540
                                                                                                                                                                                                                                                                                        SHA1:FE98F3EE7DCFA3300A373564A00164B05C22A9B1
                                                                                                                                                                                                                                                                                        SHA-256:79F1411339BF538B4576CA9F32370DCF73E464A2289D0569C19071114F5AAE2E
                                                                                                                                                                                                                                                                                        SHA-512:B2E378A7FC18D16D2193EFF742390278DE2BB4A77CC568AB50E67B36A128982B44BFCA355A5189F68A518F74FD1711AE06345F060D6AE99F10909B8F6117E057
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:19.888 1ecc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/20-06:16:19.888 1ecc Recovering log #3.2024/11/20-06:16:19.888 1ecc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):334
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.196912905929426
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2wL+q2PcNwi23oH+TcwtpIFUt8Y2mKWZmw+Y2wLVkwOcNwi23oH+Tcwta/WLJ:dL+vLZYebmFUt8LW/+aLV54ZYebaUJ
                                                                                                                                                                                                                                                                                        MD5:138D1940E9A36A97DEAA4FE232347540
                                                                                                                                                                                                                                                                                        SHA1:FE98F3EE7DCFA3300A373564A00164B05C22A9B1
                                                                                                                                                                                                                                                                                        SHA-256:79F1411339BF538B4576CA9F32370DCF73E464A2289D0569C19071114F5AAE2E
                                                                                                                                                                                                                                                                                        SHA-512:B2E378A7FC18D16D2193EFF742390278DE2BB4A77CC568AB50E67B36A128982B44BFCA355A5189F68A518F74FD1711AE06345F060D6AE99F10909B8F6117E057
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:19.888 1ecc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/11/20-06:16:19.888 1ecc Recovering log #3.2024/11/20-06:16:19.888 1ecc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):196608
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.1223366613214008
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:72qOB1nxCkASAELyKOMq+8HKkjucswRv8p3:qq+n0r9ELyKOMq+8HKkjuczRv89
                                                                                                                                                                                                                                                                                        MD5:8D4E16FEECC4D91DB314F6ECB9928FD6
                                                                                                                                                                                                                                                                                        SHA1:2DD23463A80C5F07736FFF0DDDF4E1947713BB1C
                                                                                                                                                                                                                                                                                        SHA-256:372467497EDCD4ABD9BB9DBF0F92C31690D1299D21DF0C2C193527224C932C8F
                                                                                                                                                                                                                                                                                        SHA-512:C4ED3CA926BFA2633E7276550EBAEEC30566ED8D15CDF87015DA680697593380588AFDA8436A6E29FF9795B9AAA44B65A1F12A17DA5BE5008C3B1A6071668223
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11755
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                                                        MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                                                        SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                                                        SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                                                        SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8267
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.213970196378485
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:st5QsNdWNmaNPrp9xdQQkOsY8bV+FiApBh+PLMJ:st5QsNdWN5JrXxEbGiKBhZ
                                                                                                                                                                                                                                                                                        MD5:FED90B62DA126B34C32B91E37D59412E
                                                                                                                                                                                                                                                                                        SHA1:2F065E5B2FE53A29733077665B06538F71735F5E
                                                                                                                                                                                                                                                                                        SHA-256:A0CC599599C92566955F83165586C5A9B67F86E2E1FAA3605D80BD218345DA6F
                                                                                                                                                                                                                                                                                        SHA-512:30356C064D4B986BC8D30ED44FD0CB8BD81918D3D55EA7705C47A8C9258F5191A9759928731BD3F689F0B5EA725D5C849A6299C1F5D7C8E08C4F8624D7E1B940
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376574980226080","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13376574980227306"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):8267
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.214568851994502
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:st5QsNdWNmaNPrp9xdQQkOsY8bV+FiAeh+PLMJ:st5QsNdWN5JrXxEbGibhZ
                                                                                                                                                                                                                                                                                        MD5:1B596BC3A9234C8FC50A33CEECE977F6
                                                                                                                                                                                                                                                                                        SHA1:F18562C0349E3D1A014E81DD70DCD3287D2C14B2
                                                                                                                                                                                                                                                                                        SHA-256:BD65C5C13DD1D0E8A1DC0AB4DEAB15B7E0ADDFFCD61F51DE69E55D2B00F886BC
                                                                                                                                                                                                                                                                                        SHA-512:0BD86BC6FA1ED4F72B2DB7AE99C2373397B1D79C9ACA3CEBD0024FF3DFF4EBEF46B0454BEA57E9130265CACB1A140EF9EC82911ECC5E7D9B3302C7CFE05F4810
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376574980226080","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13376574980227306"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7509
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.093333945537912
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:st5qKQs10bDsTdWNmXKaCvlPm8zOsY5eh6Cb7/x+6MhmuecmAeipDS+2ML/EJ:st5QsNdWNmaNPmkOsY8bV+FiATS+PLMJ
                                                                                                                                                                                                                                                                                        MD5:9FA8A40F996AD086100B3B90FDA8AD88
                                                                                                                                                                                                                                                                                        SHA1:29DF72C5E04576E0B3BD64F9FB831C8364B3F90D
                                                                                                                                                                                                                                                                                        SHA-256:E09BB5861CA1A3EFCB33EB7C788FF1519574F9E3A6A4C20A5F74AC8F8FDA86E6
                                                                                                                                                                                                                                                                                        SHA-512:0B4CF7F8F7A6B2AE15A7507075AF13A3F84031845EE153F409F220AB22C448241F8D218C931AE78EFA08871F32D919ABCAA94D838C8FC74B4EBD9E1929A1007E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13376574980226080","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340965831357520","arbitration_using_experiment_config":false,"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"list":[]},"default_apps_install_state":3,"domain_diversity":{"last_reporting_timestamp":"13376574980227306"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sitelist_has_consumer_data":false,"sitelist_has_enterprise_data":false,"sitelist_location":"","sitelist_source":0,"sitelist_version":""},"edge":{
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.049471177452761014
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:Gd0VmH0VwL9XCChslotGLNl0ml/XoQDeX:zcUupEjVl/XoQ
                                                                                                                                                                                                                                                                                        MD5:CCBB8ED12C0F486E5E19AB114740410D
                                                                                                                                                                                                                                                                                        SHA1:E541F993884384BC7251CE679E7FCB32F1F99C8F
                                                                                                                                                                                                                                                                                        SHA-256:F6AE64234C5FE01A8980DE33BCCF75ADA476CD96A81EC957E36ED2BF9B2902DD
                                                                                                                                                                                                                                                                                        SHA-512:903859E0658DE0BED461EA047458F954CBF9A12D01D2FB078618A2DBFED023D8C0112078934C622B817560047E3F2F7A9751337F8D30EB28B37B9FA16939D591
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                        Size (bytes):1811
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.468975025520422
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:/L48aSBSkQcPXHRHfxVIYjIYzzjqkWMYjMYvy0AlkfAlk83:Df0kQgIYjIYzzjbWMYjMYtYcYZ3
                                                                                                                                                                                                                                                                                        MD5:05AB2D1B6609022FA45D5C843636CDF4
                                                                                                                                                                                                                                                                                        SHA1:6083C6ADD23374C189CA4C6A62AA12C6AE038092
                                                                                                                                                                                                                                                                                        SHA-256:0EA2994098E9999F873F2C56A08CA04EBCC6B61717869CFCB9F0BA8CB446A7E4
                                                                                                                                                                                                                                                                                        SHA-512:7DB17DE297A0B8BB70489BA5F50A89CEEB7358252838F81AB436D4F2B2A1EAD12ED03F2B0EF5FF87776BC0388FDDA199A91C8FF6029377FD7CBFDFA87BEA521B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:A..r.................20_1_1...1.,U.................20_1_1...1...0................39_config..........6.....n ...1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...................................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch.....4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo.....4_IPH_GMCCastStartStop...IPH_GMCCastStartStop.....4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode.....4_IPH_LiveCaption...IPH_LiveCaption.....4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage...."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch....-4_IPH_PriceInsightsPageActionIconLabelFeature1.+IPH_PriceInsightsPageActionIconLabelFeature.....4_IPH_Pric
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):330
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.168820908096225
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2+hk9+q2PcNwi23oH+TcwtfrK+IFUt8Y2+hOulNJZmw+Y2+hOulN9VkwOcNwi2R:nhC+vLZYeb23FUt88hvR/+8hvlV54ZYq
                                                                                                                                                                                                                                                                                        MD5:C2BDF988FDA279DD4F48AB663AB10C1A
                                                                                                                                                                                                                                                                                        SHA1:FB3CDC8375C4AD1EF8B39010A53D8597B9BD6FDB
                                                                                                                                                                                                                                                                                        SHA-256:1452E09CF952A34C11D9E8A4090D559771B3440AAFABA75C85EEECA5056FF027
                                                                                                                                                                                                                                                                                        SHA-512:B6953077EFB4478420A4354CC142A7FD551D3461A3D0F3634CB109A95BF1161F1B18049F4B71C7FE3A27D0F7545CC4D97FF16323C6552CA0E752122357EB1E74
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:20.266 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/11/20-06:16:20.267 1ebc Recovering log #3.2024/11/20-06:16:20.267 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):894
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.078279215866849
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:G0nYUtypD32m3yWlIZMBA5NgKIvB8f12/6:LYUtyp5q55NvIp8f0i
                                                                                                                                                                                                                                                                                        MD5:4CA3D2179CADAC7210297A3643F4CC5F
                                                                                                                                                                                                                                                                                        SHA1:B90F2EDED3DB02D1A328A460E28AC48B179B5A8B
                                                                                                                                                                                                                                                                                        SHA-256:7AF73FB0A7E752B3C4E646D2A89DFA230571E98EB25D60E44402674AB99D3FCF
                                                                                                                                                                                                                                                                                        SHA-512:BC3B44B0F0CF0A09E0030AA9969003BCB734A238A1816E6FA498C57667266E5ECE892F1E922D50D88733D25EC13B1E25829A9654EA72343F69E7C5CBC0F29B2C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):348
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.147990805231094
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:H2+hKPk9+q2PcNwi23oH+TcwtfrzAdIFUt8Y2+hpEJZmw+Y2+hpE9VkwOcNwi23q:nh5+vLZYeb9FUt88hE/+8hkV54ZYeb2J
                                                                                                                                                                                                                                                                                        MD5:4520CA1DC59F278B19673AB66C54C83E
                                                                                                                                                                                                                                                                                        SHA1:3D5F3C3CC627C4ADD108F53999D58A416F2B9F78
                                                                                                                                                                                                                                                                                        SHA-256:A680881BAD388A2F7EEF17E0612B3EF4576C2BDFFD8EBC15D2C0C8C58EB9AD53
                                                                                                                                                                                                                                                                                        SHA-512:693061443D6E45687818619DE5B0FE638209BFCF0DB035D3A7C4345F0629DDD3E0DE5866E4F94EC08B8DEFF476F2D0880097BE5587CDF13E44964C4D33451DC9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:2024/11/20-06:16:20.263 1ebc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/11/20-06:16:20.264 1ebc Recovering log #3.2024/11/20-06:16:20.264 1ebc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):120
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                                                        MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                                                        SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                                                        SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                                                        SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):13
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                                                        MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                                                        SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                                                        SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                                                        SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:117.0.2045.47
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.103081281546212
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynaPGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynev/4KgVeZoskG
                                                                                                                                                                                                                                                                                        MD5:9E7BF04A456B2534CC3CC3C586A6DBE5
                                                                                                                                                                                                                                                                                        SHA1:E6DCD58F60AB5C23799EF65DD5D80C94BE9B2BE4
                                                                                                                                                                                                                                                                                        SHA-256:4D38BC3D705BB3765B2B903C265C25413AB332FAA87CE833604C0805476F4CCD
                                                                                                                                                                                                                                                                                        SHA-512:DD2E4F0780AB7A89E51661D4056F63203B642ACDADF52524617F3BD78009894E2145C8C0969CE33407CA8497532339891DE5BACA6B49F5B92271A1309B176A09
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.103081281546212
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynaPGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynev/4KgVeZoskG
                                                                                                                                                                                                                                                                                        MD5:9E7BF04A456B2534CC3CC3C586A6DBE5
                                                                                                                                                                                                                                                                                        SHA1:E6DCD58F60AB5C23799EF65DD5D80C94BE9B2BE4
                                                                                                                                                                                                                                                                                        SHA-256:4D38BC3D705BB3765B2B903C265C25413AB332FAA87CE833604C0805476F4CCD
                                                                                                                                                                                                                                                                                        SHA-512:DD2E4F0780AB7A89E51661D4056F63203B642ACDADF52524617F3BD78009894E2145C8C0969CE33407CA8497532339891DE5BACA6B49F5B92271A1309B176A09
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):86
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQp:YQ3Kq9X0dMgAEwjj
                                                                                                                                                                                                                                                                                        MD5:F732DBED9289177D15E236D0F8F2DDD3
                                                                                                                                                                                                                                                                                        SHA1:53F822AF51B014BC3D4B575865D9C3EF0E4DEBDE
                                                                                                                                                                                                                                                                                        SHA-256:2741DF9EE9E9D9883397078F94480E9BC1D9C76996EEC5CFE4E77929337CBE93
                                                                                                                                                                                                                                                                                        SHA-512:B64E5021F32E26C752FCBA15A139815894309B25644E74CECA46A9AA97070BCA3B77DED569A9BFD694193D035BA75B61A8D6262C8E6D5C4D76B452B38F5150A4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":1}
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):57631
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.103710041967124
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynjPGWv/sxtwRj7VLyMV/YoskFoz:z/0+zI7ynbv/4KxVeZoskG
                                                                                                                                                                                                                                                                                        MD5:688DE99CCDD0494BC68AA90F398A59C3
                                                                                                                                                                                                                                                                                        SHA1:CAECC88053BF6EE8BA62FBF00C3F0D7164BC2A4A
                                                                                                                                                                                                                                                                                        SHA-256:117973A413A3C7B1F79C49D3B9A729D5B9B9E2BE98447F09B50FE3751FB97241
                                                                                                                                                                                                                                                                                        SHA-512:D7CE1C2D0DA0338CF9612337B93C9493E35CD09F2C5C8B710474D99F78E5828E89E3652A7046D4915FCBF45BCD3F73003E9D16CE8E3C381BBE11A2C57F8348D0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):56066
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.103081281546212
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7ynaPGWv/sxtwK7VLyMV/YoskFoz:z/0+zI7ynev/4KgVeZoskG
                                                                                                                                                                                                                                                                                        MD5:9E7BF04A456B2534CC3CC3C586A6DBE5
                                                                                                                                                                                                                                                                                        SHA1:E6DCD58F60AB5C23799EF65DD5D80C94BE9B2BE4
                                                                                                                                                                                                                                                                                        SHA-256:4D38BC3D705BB3765B2B903C265C25413AB332FAA87CE833604C0805476F4CCD
                                                                                                                                                                                                                                                                                        SHA-512:DD2E4F0780AB7A89E51661D4056F63203B642ACDADF52524617F3BD78009894E2145C8C0969CE33407CA8497532339891DE5BACA6B49F5B92271A1309B176A09
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):59327
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.0989580912289645
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:OMk1rT8HRlPGWv/sxtwtt0o1n6FoC7VLyMV/Yost:OMYrT8x1v/4Ktt0osfVeZost
                                                                                                                                                                                                                                                                                        MD5:FB63EE7DA97E0672039331CA960706F4
                                                                                                                                                                                                                                                                                        SHA1:FE3340ED8C504FCE0E9D84DAE802B94959DA9F25
                                                                                                                                                                                                                                                                                        SHA-256:F8B60A2B98F9DE46213A0947E97DF2813E1FFC92F01414B7F77D44207B7E54C5
                                                                                                                                                                                                                                                                                        SHA-512:47B5A7B91A6405012E25BF326795872E0C3F60EFE62A86DD0612CCC29C07DB01449A1F20F22B921ED151F0A6FF4CC9CA383D7508062840E2238DA67FAC8B99EB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg8mcY6CmCjTJCmtsWFOcUf5vj04cw0e1yZe2WAl8svFn5IC43jfc+dLnGrEyDwAicHCxNdhlrVa5LEtTgt5u2lAK02pd198r5dr5VYgHj55vViEOsF96z3F4ONrN2yeYHGQlo5wvtB8h5moYSz3q4XkgOLF68CtN9
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):58230
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.101781451605306
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:OMk1rT8HRRPGWv/sxtw0D1n6FoC7VLyMV/Yost:OMYrT8xJv/4KqsfVeZost
                                                                                                                                                                                                                                                                                        MD5:1EE70C8FD70AB70C7B7E4D72EAFC44E4
                                                                                                                                                                                                                                                                                        SHA1:1D3E50DAFE2354F14319AF0C5974EE4FF6B661A6
                                                                                                                                                                                                                                                                                        SHA-256:A0D743613EA8199524CE4EB20726C2421BA80C7C778CB017B6F6518A8A708721
                                                                                                                                                                                                                                                                                        SHA-512:28D7E0F69957DDE5C534F39E08565CE7286CF223904010A902CEDF2BF2CEBCB0BCF7484C5B26A02D0388CCE46A48900E8E91BCBC6DB8F5211A6D08FD5DC616DC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):57846
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.104189735873379
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:z/Ps+wsI7yORPGWv/sxtw0j7VLyMV/YoskFoC:z/0+zI7yOJv/4KWVeZoskn
                                                                                                                                                                                                                                                                                        MD5:E60594F4BFC94203904BC9E91822E72F
                                                                                                                                                                                                                                                                                        SHA1:3855B0518DAFB426C0ED3C5B658E09F97F9F62EC
                                                                                                                                                                                                                                                                                        SHA-256:7A729A6C2F321611C424664D0563073D217E62877966ADBB028A700034207494
                                                                                                                                                                                                                                                                                        SHA-512:DF1A8B94AF02274F1FCC74196B989F7CFE007721550A305A5E4828822A1932BAE9CD535733D6022314BF126F0C8F59CC9B458F7F1D9B4583D937065EF64BEE98
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"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
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):127
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.937042120533353
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:D9yRtFwsSxzqC+eAsNzUfRHHFk6HsQ9qTUqRKb:JUF+FqCqEU5dZdqwb
                                                                                                                                                                                                                                                                                        MD5:3F41072E30377BCBDF6596F42E6EB93F
                                                                                                                                                                                                                                                                                        SHA1:D359F5CE1F1A76CDCB74CEE68484FFAF3EEEFFA4
                                                                                                                                                                                                                                                                                        SHA-256:066B5D364646A92988B5BF64D0AB608FE2763FFEEAD5C933F1EE5A48E6F0B630
                                                                                                                                                                                                                                                                                        SHA-512:DE1C6C4DB470BE713E0FBD74416AA99DEEC71F11CCA2355BAD2BF7D981D6A87B055AC763F63E8D61A3D5721412849B4B23E121899BEA3D1682E3C799A2329580
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<root><item name="pageVersions" value="{&quot;hp&quot;:&quot;20241119.141&quot;}" ltime="2762614560" htime="31144765" /></root>
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:modified
                                                                                                                                                                                                                                                                                        Size (bytes):18176
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.525633053475079
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:K4gN8sGygaEKfWYSJUKbO7UckxtBjCdY7mO3D0C5l+piEieDSV126ry1/XSGKwG3:K4gNFXiKfWfJ1Kockxbd7mAt5Mp5ie2F
                                                                                                                                                                                                                                                                                        MD5:5A34CB996293FDE2CB7A4AC89587393A
                                                                                                                                                                                                                                                                                        SHA1:3C96C993500690D1A77873CD62BC639B3A10653F
                                                                                                                                                                                                                                                                                        SHA-256:C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD
                                                                                                                                                                                                                                                                                        SHA-512:E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A609B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):49120
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0017331682157558962
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:Ztt:T
                                                                                                                                                                                                                                                                                        MD5:0392ADA071EB68355BED625D8F9695F3
                                                                                                                                                                                                                                                                                        SHA1:777253141235B6C6AC92E17E297A1482E82252CC
                                                                                                                                                                                                                                                                                        SHA-256:B1313DD95EAF63F33F86F72F09E2ECD700D11159A8693210C37470FCB84038F7
                                                                                                                                                                                                                                                                                        SHA-512:EF659EEFCAB16221783ECB258D19801A1FF063478698CF4FCE3C9F98059CA7B1D060B0449E6FD89D3B70439D9735FA1D50088568FF46C9927DE45808250AEC2E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):7168
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.8639701323642934
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:de2el/Z7deqeleTeeqeleT/8Volr8VolILwIhTtnL4IhTt:de2elx7deqeleTeeqeleT/KmK77
                                                                                                                                                                                                                                                                                        MD5:E6B93307C34D0849DDC8BB175450224D
                                                                                                                                                                                                                                                                                        SHA1:91C6E14CB4F9E6B8AE4714D7019F017B4BA7B800
                                                                                                                                                                                                                                                                                        SHA-256:86762935ED623B9C9F0DBA9EB930896712BECA5FDA49CEEEB6504A570530D08C
                                                                                                                                                                                                                                                                                        SHA-512:26B57F7F01DEF36CCB97BD8EE7B150F5514B82BD126AFA43A51326310E9415F56032AF57FE15D699360D2FBD00B352A4E75B2B0DD1851F61EFAA772DA4285F19
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5632
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.2150043292557564
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:rNoGi0E649l38dyLbKvqy6yEyvy5DlsN5Acb9l38dyDvqy:rNoGvE6s8dCKS9LYu0OA8doS
                                                                                                                                                                                                                                                                                        MD5:CAEA84B1893C612F3CBA6DF901BC01DA
                                                                                                                                                                                                                                                                                        SHA1:9FCD5C175282B627BA0131089531202308D62CB6
                                                                                                                                                                                                                                                                                        SHA-256:16D56EBAB71148DDD7A0CF71C9FFE5F946CF4793E8F8994C8127FB417607A4C6
                                                                                                                                                                                                                                                                                        SHA-512:8FF097D7EB87744E29AEEDB17BC7E0E48C4DD988ACA71DEB7A8C39AE626514B6D1AEEE2DD170FD3109874FF50C6C5CC26622CAA22F7CCACC5313E10B24CA10C8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5632
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.2104993720783224
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:rJ0N+xGv9lj8OZyId01ZKvqy6yEyvy5DlsN5Acb9lj8OZyIdXvqy:r2NOGb8OZzKZKS9LYu0OU8OZzXS
                                                                                                                                                                                                                                                                                        MD5:3E4E6FA2CC33563C9F0D3CB0A87EF253
                                                                                                                                                                                                                                                                                        SHA1:CB524FC54EE0B42C7AD50BCA6727543F7816FD56
                                                                                                                                                                                                                                                                                        SHA-256:45EAA5055BA77E0CF236542E5AB28270784E3D395540CB497A5491A32725B66F
                                                                                                                                                                                                                                                                                        SHA-512:B17D33851A3B3CFAC019BBDB203F4D847B131A8E8C64893FE2A7DBF0A64D007892EB783311076544F42F28F43BB647527D3E8462CAB99C9ABDF51CDA16A04E90
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4096
                                                                                                                                                                                                                                                                                        Entropy (8bit):1.950729465077511
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:rl0ZGFUrEgmfu66FK33+xrEgmfu6qg9lSaJI0tnRYCDAnRwk9lIcatQ0tfRwH5yt:rgGb+xGv9lg8nOBak9lj8iZyjB
                                                                                                                                                                                                                                                                                        MD5:E6C65136357D52210D5BFC791D209C4D
                                                                                                                                                                                                                                                                                        SHA1:219D8F1CE9DDE16DC65A4B022373A113E29C694F
                                                                                                                                                                                                                                                                                        SHA-256:8EAF87B0A02380B087496A147816BAF88B368322966799143616FB664939F8F1
                                                                                                                                                                                                                                                                                        SHA-512:959FFB679625C47CDA4E35B263751E0C4E9232F5F8B23B5C9770EFE0A00A9411161B5665E0C8317F0346065E581665D630145AF0C5F1EBF08454C34B207BA862
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):5632
                                                                                                                                                                                                                                                                                        Entropy (8bit):2.211873401110103
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:rqGDvRH79lj8j2wZyQ2wuKvqy6yEyvy5DlsNUAcb9lj8j2wZyQ2wXvqy:rqG7RX8jfZ9fuKS9LYu09U8jfZ9fXS
                                                                                                                                                                                                                                                                                        MD5:0CF25D17921F451F06B55117024E9C23
                                                                                                                                                                                                                                                                                        SHA1:E41CEDEE9F7B90B1B321E8096AFBB55D59F8B450
                                                                                                                                                                                                                                                                                        SHA-256:6D94BCA16B4F142D4DF5FB13F7D72C6ECFEF2B3302FE57B6B5ABF8A53287BB10
                                                                                                                                                                                                                                                                                        SHA-512:FAAFCFB30B87A6D1BCFE8CB9CF24DA94903826BBB12C96F659E9D726A2FA8E4C46AB86191DA55E1BBEF840D8BD448302AAD3DCBA173C7CC93D2D57E110AB8470
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):359
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.094427493406196
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBdc9EMdLD5Ltqc41EwHZBEiw71TD90/QL3WIZK0QhPPcPVDHkEtMjwu:TMHdNMNxOEw5St1nWimI00OYVbkEtMb
                                                                                                                                                                                                                                                                                        MD5:EF3077F68CB8598A0C333B5035E2C4BC
                                                                                                                                                                                                                                                                                        SHA1:D69669DDD574C7133C34A8A74DC53C3D67F04C8D
                                                                                                                                                                                                                                                                                        SHA-256:CB625371E9152FF2F512C5AE92EB8410EE64EE0A942338C7A14580BDDD9DAC4E
                                                                                                                                                                                                                                                                                        SHA-512:BA4366748671CA0EE4ACBDB1A7D67FA9AE9CC2CB0D10046EF570E6ED57F0742DB8A674B8FED4E2C5C47E7A590ABD27B5FAA841DC3EBFC2291C32F87CC1882701
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xa7016a4b,0x01db3b3d</date><accdate>0xa703bb90,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):357
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.114091467029694
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0xa6ebe4a6,0x01db3b3d</date><accdate>0xa6ee34d0,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):363
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.084964362952454
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0xa7060c3f,0x01db3b3d</date><accdate>0xa7060c3f,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (338), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):380
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.191417625297055
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://go.microsoft.com/fwlink/p/?LinkId=255142"/><date>0xa6f31447,0x01db3b3d</date><accdate>0xa6f31447,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Bing.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (311), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):353
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.115402245881525
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0xa6fca415,0x01db3b3d</date><accdate>0xa6ff088a,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):359
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.111753446209416
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xa7060c3f,0x01db3b3d</date><accdate>0xa7085dfb,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):357
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.096663237155238
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0xa7016a4b,0x01db3b3d</date><accdate>0xa7016a4b,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (317), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):359
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.13374248407173
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0xa6ff088a,0x01db3b3d</date><accdate>0xa6ff088a,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (319), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):361
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.137190433542536
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBdc9EMdLD5Ltqc4YX2nDBn1TD90/QL3WIZK0QhPPcP02CqEtMjwu:TMHdNMNxcDN1nWimI00OYVEtMb
                                                                                                                                                                                                                                                                                        MD5:72DB031E7A84A142180F0E61EE1D5AFC
                                                                                                                                                                                                                                                                                        SHA1:9272773A2C963C0395575A7BB24DC74F827A7322
                                                                                                                                                                                                                                                                                        SHA-256:A351E700152E0F4830D62F5DD47A25CA91946B034F42095166ABC5DB3C4CBBC7
                                                                                                                                                                                                                                                                                        SHA-512:C1B8995079EE46DF89EA07DF10619FF77BB14A4BAF0E068E8D1E3560BC9A3E5BB93369B82B4206D920F6EF65E868D02F118B557046CD9A717755C79FCCAFDF23
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xa6f56920,0x01db3b3d</date><accdate>0xa6f56920,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:XML 1.0 document, ASCII text, with very long lines (315), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):357
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.091734234365169
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:TMVBdc9EMdLD5Ltqc4Inbo+BKF1TD90/QL3WIZK0QhPPcPiwE5EtMjwu:TMHdNMNxfnbo+c1nWimI00OYe5EtMb
                                                                                                                                                                                                                                                                                        MD5:D6023EDBEBED98EAD428DA79AC6A5CCC
                                                                                                                                                                                                                                                                                        SHA1:98B679717ABAB8DA56F30479F5E0C360F1AB2AC2
                                                                                                                                                                                                                                                                                        SHA-256:4FD55EB32A99A5968CD2EB136D05A2CC1D4DE16828E99CA70A587FB3559DB7A5
                                                                                                                                                                                                                                                                                        SHA-512:5F94AB97137A29752E51AB548B922947C69414E4F7B90C3D04253B22488E7B82CA4E718F5E5637AD01BB3B7BF55D464D18C132F4C046EFB0100B835C24FD44C1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0xa6f7c80f,0x01db3b3d</date><accdate>0xa6fa35c7,0x01db3b3d</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4394
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.895550883074555
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:AY2q7UYWIzFhJFYo6syPYmSTZYVVQQT/VfygNR:AYh7TWqFpzTTGjT/VfyK
                                                                                                                                                                                                                                                                                        MD5:7F6D8646FA902D84E0B963BCD3F061A5
                                                                                                                                                                                                                                                                                        SHA1:145EE6F5573A38CEAB0E25E0A14A1A2690C48FD5
                                                                                                                                                                                                                                                                                        SHA-256:25EB08E5D8DE7577E03A827C31C656721E6D7483C9ACBAE3D782B418EEA5E6A9
                                                                                                                                                                                                                                                                                        SHA-512:D30F6FC94BD154DBACB87C098782EAA97D6E890E4BEC26F18171F78DA86E3D71E08A2A5C56D9C7A97162A20962938EE480D3C93C8655E5B374E5EB7479A4C618
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2278
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8606220872808406
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKxrgxLzxl9Il8uDHBB4u90pvIzz84x9nYmWDad1rc:muY9BV0pgz3TY1Z
                                                                                                                                                                                                                                                                                        MD5:24B5D30373B19E63EB0FDE351FE5257F
                                                                                                                                                                                                                                                                                        SHA1:A799EABEA990A054BF9C19CA36C3BDCF0F6311DA
                                                                                                                                                                                                                                                                                        SHA-256:5B854610C2F65B4A4FAFB2B9FD03C6E1B1AEA27D6107CE6380F79E3B5FCDFD3A
                                                                                                                                                                                                                                                                                        SHA-512:75498FB0D4488E72442198DCD47E43B833D2DCF38FF8F8938AB111E38A475240D83029C48C53A238426065CDCD7EC8549B374B94B7A8FC0D6D05CEDAE7FD135D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.E.l.J.B.U.Y.7.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.S.4.6.a.Q.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4622
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.9987376007814763
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:MY9KbwuFEJKlGNIicea2FyWcrm7oHbyqEG6kvM:MAK8ueElM5cwFyWO7xEDl
                                                                                                                                                                                                                                                                                        MD5:AA1EEF9610B14165ED6C0D950C27CD9D
                                                                                                                                                                                                                                                                                        SHA1:9DE79A28FC1B28A64F8846A80433BBA1085B3AAE
                                                                                                                                                                                                                                                                                        SHA-256:D2F77B248783E376D30C3D7AC08448617FCE870ADD5CAD993C9523907246FAFC
                                                                                                                                                                                                                                                                                        SHA-512:B3692056C7B4001E41968F7B86E576C328FC65F37590B55A6A877CF5950C02DC3ABB587B09C2AC00D5B3672CBAE2F0462FCAE064C283FC3A955240579844C652
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".x.k.m.i.6.j.0.7.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.S.4.6.a.Q.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2684
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.904921460628573
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:uiTrlKx68Wa7x+ixl9Il8uDHNEmBT+PUBb4Houzz+6cBG1Bd/vc:asmY9NEmBTBOAQ1Q
                                                                                                                                                                                                                                                                                        MD5:332CFB252A561BBB6F1C79CB5F56458F
                                                                                                                                                                                                                                                                                        SHA1:A04A14039AB9E977B1CBBA908B973F9C2373A4F7
                                                                                                                                                                                                                                                                                        SHA-256:6ED9C1CDB0336F1E9F98FB7AFCC00A71563CCBDB636322D5773DD8B081D8D412
                                                                                                                                                                                                                                                                                        SHA-512:660B4187DE79127B11E2CEB1E65BA609F3EEA761DF8CBD3FEBDC496DABFA22A4172519A75AE6F325110FE520B8AF8E4E5AB172E77C139428093395600CECE938
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".6.N.3.U.y.9.n.A.U.E.q.s.5.u.9.6.E./.o.g.0.E./.V.J.A.g.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".f.d.3.9.G.Q.9.a.3.A.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.z.S.4.6.a.Q.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 275x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.105412372395221
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:4F9ulGH5HsMqCL3m4mNmgUQW1vl045Kn5A2ML2:4FUlUnbmTW1vl04kn5A2
                                                                                                                                                                                                                                                                                        MD5:1153107D18674FA3398379F5C56C0D8D
                                                                                                                                                                                                                                                                                        SHA1:44C71CA7A6899CAB640723EE843E706C6CC0B338
                                                                                                                                                                                                                                                                                        SHA-256:A210EB0EAAAE5793252B473F4CC962A861A33089177F3FCD30192C063F4E1376
                                                                                                                                                                                                                                                                                        SHA-512:74DE9BEC98CECF9D929962C20CF996E8CEA0816C2A4CB5DF77452BD8F7AE5E9FC49ABAF456EDF34E2DDC462AC20945357CEEFF4F2565361F0DBB9DA6C994EAAF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3898
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.911010874015237
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:Ko7FQSWPRyWaP5WjY6whZWzs5RnKLkAe/suge9JHFei2:r7FQSWpxauihww5Ee0uv9xFN2
                                                                                                                                                                                                                                                                                        MD5:E198B236B56A4D8D09C8204CD6DF6C16
                                                                                                                                                                                                                                                                                        SHA1:D3613C8F46C1035CC096DBF433E0D972EEBBFC06
                                                                                                                                                                                                                                                                                        SHA-256:17D55FB2B61C55BF0F743EA5F35D39D97E46E903B87E1ED74320053B68AA8FD3
                                                                                                                                                                                                                                                                                        SHA-512:EA6087892CC4EBEF4BAA63CAED9DCF87506D24E67EB32C1F5DF53BA3684D76DE7E1A1E761AB6A4098F30304459644F348690B8BCCB84CDFCBFFC40B403241406
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):592
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.578589676001941
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:6v/78+QOTZD7cechojiorckcpFwDSAFGSEpMFC2Cmw8qTavN+M8MIQ7LLiQp:jsZbchoj/4peK6FDBwQV98gP/
                                                                                                                                                                                                                                                                                        MD5:4124D5FD304564D77589DED83FE598BF
                                                                                                                                                                                                                                                                                        SHA1:8AC689BD506AF7312E8FBB06AF3A215B9A609A23
                                                                                                                                                                                                                                                                                        SHA-256:BA66F541FD81AC7C99D86BAC4CF071C9F0000F408B7487AFC1BD5E35E20B87FC
                                                                                                                                                                                                                                                                                        SHA-512:4F490E4ADE3C0AE6C117C92BDF8266D29D1B1FB2A80510EFD447BA228B9939DF3C70320FBB5ACF1CE6B2D5646B6CC45EB2C45DC7D26CB28C002CC4C145016BFC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):533
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.415663553371965
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7Ya7/6Ts/o7hJW8/t8oX8qUkUGGVIXC/zoZ3VYZwWSVR:E/6pzWK+q/UGGMC/zw3oGVR
                                                                                                                                                                                                                                                                                        MD5:B6162D100379E7F4EF709BA5C26D1BA8
                                                                                                                                                                                                                                                                                        SHA1:AEA4244C56F00AA26064134863157A6EE9D7ABB9
                                                                                                                                                                                                                                                                                        SHA-256:DCA74022BEBB4F12F8EFADD226C9413CAFFF9193420D604DE8A398642172AACA
                                                                                                                                                                                                                                                                                        SHA-512:CC64207C45F85255F34A157C9370A46EBD4A2B3A674E639838EF7582FD93D68F91A275C577E2FC9A46674EC765D8CC43A5BE28B281FCD5006D38D0C6F02E2058
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 1260 x 293, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):39155
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.8985187905985486
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:c3+SnZXFurjYW0X0RJ/Dd18i72A/qcQ6Nj2CG+CiTZ2co4IXnmDt:DSnZXFuPSX0f837cQnCG+3WZXmx
                                                                                                                                                                                                                                                                                        MD5:E161E2045A32E4513E81954B1D83B953
                                                                                                                                                                                                                                                                                        SHA1:0A06306203C286B8C342CFD856C1EE3F16728C7E
                                                                                                                                                                                                                                                                                        SHA-256:7A344D69BC6657592E6041F0ED4F53F56ABA90B97EBD94559198B1D059DC7F64
                                                                                                                                                                                                                                                                                        SHA-512:7C7E5C2D2A0DF749BB4B52F2E8042829AE8ADD4F242674E13C14FEC436E56D7B173318D8408DD5A33462D38BC1FD2AD932B2060994B5A0C46F4B4BA89922437F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 620x304, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):27689
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.964721877664426
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:REQFqPpJqVq5+rarGr0GYZyMrTo1d2eP6ARg:REQ4vqs58ar9GY7w1dJg
                                                                                                                                                                                                                                                                                        MD5:C554FE6615AAA3A4229F0B219D204322
                                                                                                                                                                                                                                                                                        SHA1:B190B16CC790A27E6F5A3A25E681F76B25573707
                                                                                                                                                                                                                                                                                        SHA-256:E1229EEF8284F47DE6F215CD626065EEED136B29E6397375538EFC4742355ADE
                                                                                                                                                                                                                                                                                        SHA-512:EB50BF096A3380961F444AFCA79520D1E965FBEF4477EF9E62035F4004180B18A2087B497A95CDB0C5D56AA2D25D338E1D7B08554676C35C4DF1CC95084E188E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11375
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.958583218592413
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:SZaxyOltvBJpc4D/BfYyHkz0BBGXahKELUCIgvs+JHpN6xjjF:SZZYtvdc4NTkzEBGq0EYxgE+tpN6j
                                                                                                                                                                                                                                                                                        MD5:A222DF436253E028D10165852DC721BE
                                                                                                                                                                                                                                                                                        SHA1:2F4F68EEE89D1CEF577887E7CCAC19CF7312364F
                                                                                                                                                                                                                                                                                        SHA-256:2B6019AD2A39BABCF15378A8D3F97B61B20EEA7A7AAAB9C35AF0339B805CDA2E
                                                                                                                                                                                                                                                                                        SHA-512:E70396BE7698798D69CFC8EFF5DC3A4ED8A14E89E06B80B8853894EF6461E9551764E732E9AB9382B819557F3B288DD738A4FA7DFB3C432B13097B1C6977CA56
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16168
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.965831029506723
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:S0us7LrsE1z4jGu/fXYvClknbmLetfflFYX:Su7sEW//fX5lkGmflFYX
                                                                                                                                                                                                                                                                                        MD5:0609EEE60F08E80D4D549E07CACEF4AD
                                                                                                                                                                                                                                                                                        SHA1:E8BAC78F2A0B6D0129B3F3098741336E2A8D0670
                                                                                                                                                                                                                                                                                        SHA-256:983D267CA1474A21E88B856EEDC8A90C82FE1D5F2C5C23082D1090397823DA1D
                                                                                                                                                                                                                                                                                        SHA-512:A629D3DE1810BC58A3A993858BF2B0875BA2820BD0BA4CADB3A1040D9498A7CC77CA32FC04CDB3CEF623E46F0901060686815E272A2D1774C6FE87D8B5F40E6E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1287
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.753286328828527
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:Qkmkb13K52UTcyiUJlRq85hww6qJyPGbh166BaK23P:Qkm613KsE+oLDBrJyPGbD66d23P
                                                                                                                                                                                                                                                                                        MD5:9B8059391E9315D157357A18A6A0191B
                                                                                                                                                                                                                                                                                        SHA1:C466111C02D867C05CD522F2F362CFC23FA22B9C
                                                                                                                                                                                                                                                                                        SHA-256:379BC8D28440A12EA8A540917610C7B6A2B865CDA7275285FF922D69CF46B5E7
                                                                                                                                                                                                                                                                                        SHA-512:CB19000C7425C1CF8DDA9A8D10DC220D4961D34AD9B837E4DABF2C649D57223F0497D344671782E4F4782BDAD82B06CE702E27D67F2176168DA619985BAC5848
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2028
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.306500356096832
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:f6vnL+wuJ3wnsFJCI/zbSadl1V4iyyUGoZKSd6/L9:apLOsIZdZ4ihUTZQh
                                                                                                                                                                                                                                                                                        MD5:9C91E2926EAB90A81E459E40E0FA1BFA
                                                                                                                                                                                                                                                                                        SHA1:CEE86668D768D0FEE993D28FF27773485A317A9A
                                                                                                                                                                                                                                                                                        SHA-256:55C49CD89E92A67BBAE6EDEFA5C8149776CBF878A0770ACC74F0A85CA09F7E50
                                                                                                                                                                                                                                                                                        SHA-512:4BAC165C0F22937A1374A601B9D9F59309FB0C6EE2785314BDFE81537B800B69F58F5F9FCD07C1CD14942638BA9BE0D3E2E9799F2541A29FDE95FF3AD982F85D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):18737
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.2627728137161602
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:bSDZ/I09Da01l+gmkyTt6Hk8nTKkEWmHjxNXrNXNsc5MVNkvBs6c3:bSDS0tKg9E05TKk615UNa7G
                                                                                                                                                                                                                                                                                        MD5:030939BCC37975289457F6A19A301A35
                                                                                                                                                                                                                                                                                        SHA1:89D55A45787FE9DD547BE9CD1D97C9A8F641E338
                                                                                                                                                                                                                                                                                        SHA-256:D5D6DF229AC67CDE4B39D275955E4A279BBD7F922855D10B44F5701E6AA3CC64
                                                                                                                                                                                                                                                                                        SHA-512:21973881EF4C8EE777A1EA5570418439DB32EEF3B83B1FE468749B5C7669B82B19DF6568531C0155ABA929A2928E88DCDB654E1DE8F3966228C279E91C120E9E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 60 x 32, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):533
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.415663553371965
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:6v/7Ya7/6Ts/o7hJW8/t8oX8qUkUGGVIXC/zoZ3VYZwWSVR:E/6pzWK+q/UGGMC/zw3oGVR
                                                                                                                                                                                                                                                                                        MD5:B6162D100379E7F4EF709BA5C26D1BA8
                                                                                                                                                                                                                                                                                        SHA1:AEA4244C56F00AA26064134863157A6EE9D7ABB9
                                                                                                                                                                                                                                                                                        SHA-256:DCA74022BEBB4F12F8EFADD226C9413CAFFF9193420D604DE8A398642172AACA
                                                                                                                                                                                                                                                                                        SHA-512:CC64207C45F85255F34A157C9370A46EBD4A2B3A674E639838EF7582FD93D68F91A275C577E2FC9A46674EC765D8CC43A5BE28B281FCD5006D38D0C6F02E2058
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (58029), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):193495
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.451487554433939
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:IZU9PydBFOGFxiq6nI8khsNyh/P9OZ8TixYB:P9PyAGFxx6I8hNyhX91OxYB
                                                                                                                                                                                                                                                                                        MD5:79EC982BCE97351C2D2605E1C052087C
                                                                                                                                                                                                                                                                                        SHA1:18C323EAF972D451070B5622679A373CB62345C7
                                                                                                                                                                                                                                                                                        SHA-256:9256C8A0DDEDD8CC6D10FB54CCE99EEDE032A4E409EF00666D9D459F3509F741
                                                                                                                                                                                                                                                                                        SHA-512:D5AE0E632FFAF19CD7A36B8D432115518861C593BBC1563BFBCFD8968A947A69471DCC50931E2581DA7F47AEA480265B77A2C8A5D4B3C9D82BE26B2389121722
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (58029), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):193495
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.451488752307515
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:IZJ9PydBFOGFxiq6nI8khsNyh/P9OZ8TixYB:i9PyAGFxx6I8hNyhX91OxYB
                                                                                                                                                                                                                                                                                        MD5:349F2ECCF8F1AFE5DF3A75B1193D6ED9
                                                                                                                                                                                                                                                                                        SHA1:82799EF489B1E9C72FA06079F417A226EA5EB088
                                                                                                                                                                                                                                                                                        SHA-256:21A44F14BEAF169A9867AECE4B73D87DF79CB06B927E2DA6341BB1CB8D2FE28F
                                                                                                                                                                                                                                                                                        SHA-512:0EE9133A78A9EAC5DF09984CCB0C4FBA5EE3EE1136E6F66CB8624F836087B9B81CB0A5B80C0FD769A7D7341F94D73FA4DAE5EAACBB6AAC5447C760D3379A48AB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):149741
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.369311179888439
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:Hz55ZowUSwJUDwK2O7YZ7CV72aXflUgxuZ2BYLgwmjrXwRb1zOGYXJXzC00mJewh:tLoHSsyHw76lUa3KYjkjOGQC00MRuK5f
                                                                                                                                                                                                                                                                                        MD5:BB3B39AE9D534552B5B772A8A966E240
                                                                                                                                                                                                                                                                                        SHA1:C265C88D6F14BE5F3B1A54F54B61A4DCEE2FCE6F
                                                                                                                                                                                                                                                                                        SHA-256:265195B99C4B69FC6E4DF429351B0A60C838F033C182CD46E4BD3689EE67E342
                                                                                                                                                                                                                                                                                        SHA-512:A06ABD69276BD303524B905BD39FEC7E2562178F47377B0FC95F5755435436592B1C596981276E2FBEB6A77439A68475A7C066875CAB5D73B954107A18B6D81E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.986656121330302
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                                                                                                                                                                                                                                                                        MD5:34760615AB0C180EB4B48739297FD0F2
                                                                                                                                                                                                                                                                                        SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                                                                                                                                                                                                                                                                        SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                                                                                                                                                                                                                                                                        SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):89947
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.290839266829335
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                                                                                                                                                                                                                                                                        MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                                                                                                                                                                                                                                                                        SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                                                                                                                                                                                                                                                                        SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                                                                                                                                                                                                                                                                        SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):128487
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.317845965286923
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:eyvrEsrsDKYDsy2/1KX3SA8HA8FfA8FRcYcQcd4zIRRIzRcRIll1FJFFYFFB1laZ:eyvYsrsDKYDssXCHNPDLxS2RcUVkF1lS
                                                                                                                                                                                                                                                                                        MD5:53B37EF57FA00698F7546CA80BFFF72E
                                                                                                                                                                                                                                                                                        SHA1:FFFF50ECDAEB7482D20D62DAE29071391EC6D1D5
                                                                                                                                                                                                                                                                                        SHA-256:6F81BA0B6EC61D0C0A0A734B6A6D102E99778312ED8681E62917110850143ADA
                                                                                                                                                                                                                                                                                        SHA-512:15331F7A2C035A7E890AB128096BCE181FD455E3281817B19AE030325C142C9049894ED56563296AD18CAAD34E952BE011728F571DBA4F5D689038A24524C9A7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):15708
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.964130488467762
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:SLTF9w+Iv20o5jedGbkSuFyH3EbioadJk6+R3GgedU:SLBgV1drSsyH3nFn+8hU
                                                                                                                                                                                                                                                                                        MD5:25587AAE6D457CF923A59239210ED078
                                                                                                                                                                                                                                                                                        SHA1:9A0B0C37B05F42C69623877238CF78678A3D8B6A
                                                                                                                                                                                                                                                                                        SHA-256:05B8EED46A08CAEBA9B695C977A11C96BE1B4D4F22F16A1CC77E27C28DE5DFC6
                                                                                                                                                                                                                                                                                        SHA-512:CB386B31D0D4D00E451F4C769FEB3A53176BF9C30186E3CE066E88B873E370C96CF25CCA7E09A2090D42CE6D16D5AEB92AEE0DE85FEBC80A0D924FB19F48860C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16446
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.958732696813221
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:S19irK55EVZIHjdOtsyu0WOAALBKkxmymlsF7b/Jd7/KRTrGCZVC:S1QG55o6jAsybtQKmyFfhFiJrC
                                                                                                                                                                                                                                                                                        MD5:4E8484678573F982FFC92B40239CDE1F
                                                                                                                                                                                                                                                                                        SHA1:CBA4B37674574F2EEF5B3A2FD4669CBA80F178D1
                                                                                                                                                                                                                                                                                        SHA-256:1C6279B3E007EB6A66C1760DA66A4F36D1C3C49C7BA39816504117144688FE4C
                                                                                                                                                                                                                                                                                        SHA-512:1C46537AD068889232386BAA4E6A49C837A049EC176626CD6070E1833C15FC1C09DD1DA78A6B27651CE24ED04CD2460EE9EAFF88B57774F8B177E38C6AC8B7B1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):19672
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.959603397289573
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:SpFIdQDuztnEW41gpfn+IUKeor631ll0gOgVqId:SvDSxMgEBoru1P0gSQ
                                                                                                                                                                                                                                                                                        MD5:B7E3CA0EE5B3455B51EC544D79FE3B42
                                                                                                                                                                                                                                                                                        SHA1:8A2F14A34FBB699534975E382938372D71745B36
                                                                                                                                                                                                                                                                                        SHA-256:E3B8CD86CEAB78B50CBC88887710C7C017EF5817EF5D1E1CFB0AD817FF86BEA5
                                                                                                                                                                                                                                                                                        SHA-512:900FE70F5E1A9B66B95CA93ECA0ADEBC8D7CBEFC30D0A4CBAAAD3DB2EB9BF86FC59C10BA7EC5C379C6269B813F0364922E80713167547EF839C6C06EE17D6C6A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (58029), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):179214
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.458676592886196
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:IZXVH5vVU3WyrQ8rjBFjyFEFxvKqNcntvuHLPc5AglpG4g6UsNgW8ua/tt9OZ8+F:IZJ9PydBFOGFxiq6nI8khsNyh/P9OZ88
                                                                                                                                                                                                                                                                                        MD5:45A9EAD089AE4B7B7D38CF6AAE07FA95
                                                                                                                                                                                                                                                                                        SHA1:954AC3141DE816E26FE4027CCE49BCDEEAC58174
                                                                                                                                                                                                                                                                                        SHA-256:35F6D63A2C96EA02F9D8C9E642FCAA57E328FCE164C26155ADC24ACDDF015248
                                                                                                                                                                                                                                                                                        SHA-512:44B492A41DD1AB9EEAEC94BA9DEFAB7501C164111008D194572FBAD77071C978017D655F05F20969791E8AF2A49CEBCBF6BD7A5D7AF2EE0E3739A964C4CB3FE5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):405
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.210520499858802
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPkR/C+nyke1I1bDhfWTOnJNGflEHdYo93zyW0X22PrmLo2qufrYXup:6v/78/UIFdcOJWad/ycCraq+rYs
                                                                                                                                                                                                                                                                                        MD5:C549DF847E13659AF701C4E359AAF61C
                                                                                                                                                                                                                                                                                        SHA1:88C4025B41357295948213E0F5BA7C95B30731B4
                                                                                                                                                                                                                                                                                        SHA-256:38D0FE0FE42DABD600CD0F434AA7138A11425B0F675EE7C4EE350C2D3ED67CBB
                                                                                                                                                                                                                                                                                        SHA-512:1D3E1A08F171EFE02161F6A672A2DEF35B35967E47E0D58CC71B93FF4758387984A96A59EC99FC8C122FCAC1F7912D9E7685808F9889D80A3A24CA6B15651ADB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.435197255585472
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:fnVmN82w1cDYFgSvq0gsb2NRoaL1HAIFjp3quLRUePWBmr:fn4N8Tqc3bgPNRoadRlq21z
                                                                                                                                                                                                                                                                                        MD5:EA2CA080D93159D70CCEB2C6CC9376C4
                                                                                                                                                                                                                                                                                        SHA1:191DC693B6612D7724D3AD8F4751E93B81F5B292
                                                                                                                                                                                                                                                                                        SHA-256:BF0AB89EF04CA01E01920359FC92A6ACDFD5A51E462C9BC01110812728763C1F
                                                                                                                                                                                                                                                                                        SHA-512:043B1B13474D8AC7E5C4140205EED370C07923283115688A8F13C66D162DB9ACF94E1A41C00E147369BC32102EAFD5B47A20D95A67CB4AF7FC1CBF9B6D04887C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 96 x 96, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3285
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.705080384196564
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:QT2HmAJ81sGZxBXaosSrVJd8XIlJeOh4eb:Q4LksOrXaosSjoCJeOhRb
                                                                                                                                                                                                                                                                                        MD5:9C2E563A6D004BC3AC3ED6EABB787730
                                                                                                                                                                                                                                                                                        SHA1:6F714001D3256BF24DFB1301BE7A520C5189C92D
                                                                                                                                                                                                                                                                                        SHA-256:09C2B661E297ECD44D1BAA8E11F7A919B1F5DB134F5C8849A7BFB109B5389464
                                                                                                                                                                                                                                                                                        SHA-512:589570D5DFA10EBA18AAC0724A3A42BDC336DC9EBEBA175D5276D801790800438CDB2A8A2B320DF2E8CCFDFC9B06D348DE4A259D08D88380DA0BC79F82B67AF2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1622
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.2063127622287535
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:U1hfvWwjx82lY2T3JVdpz4lpzayJ3VrpzB/pzfGtok3xWZezJLNKhhNXoYcrpbeT:aANn2NlzuzhJ3rzbzfPIxV5kh94eZfx/
                                                                                                                                                                                                                                                                                        MD5:7B1B36B2F81E70D9C22B34EA45D2579D
                                                                                                                                                                                                                                                                                        SHA1:E10ACB0952A31731F38D34AF1C02CD121784057B
                                                                                                                                                                                                                                                                                        SHA-256:A73D67096CCF12F95814A2D275D992A00DA57A4A5406A76BA09A453A8B42338E
                                                                                                                                                                                                                                                                                        SHA-512:CD23B852289F89729FB61FAE185E8CA26E86AAF128898FDD339EF6AF1AAD77A2D8EEEAA4B93C8A9687DBA73242A799601E6D2AD0C89E66C5C3F96ACFDAE42231
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4727
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.340027962594104
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:r+9cBCZkTLtaMM88FJCVlAf0shZaDrpE8zZ:r0yRIn86WAcshcFdzZ
                                                                                                                                                                                                                                                                                        MD5:FD27D7C714EA3F607AB10A74AF4287A7
                                                                                                                                                                                                                                                                                        SHA1:40D03506D9FF6BCB6D97CB734B12F228A3A2E80B
                                                                                                                                                                                                                                                                                        SHA-256:AC8EA08F28B51250772F653D10522D06FD2F21933FFC40CFA290EF52BA638017
                                                                                                                                                                                                                                                                                        SHA-512:A44D4E33BD43DBE5A73D506C12569DE6B7A327F40B7B7ECF14D18DE8A2A5EEC02971AAA47183A10BBDB0550DC84197CFF0CD2D54EFA2612284BE18FE89442A46
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):368
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.089671149799718
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:6v/lhPUd9APoa5AjmnSHT7nsdPpePmfm0RcHzDLw5E68Hc9ZBOjRp:6v/78gPoa5lSHuePMm2cHzPU88tOD
                                                                                                                                                                                                                                                                                        MD5:423ED38AF2308D106484E0DD77DDDC42
                                                                                                                                                                                                                                                                                        SHA1:D3CDBFE0E478077C16A6BD3D6A19FB7CF010B42F
                                                                                                                                                                                                                                                                                        SHA-256:E9DA6BED3FB631D3744AC079BB4352BEC8B1066C99AA7EB809255CEB67BCB424
                                                                                                                                                                                                                                                                                        SHA-512:41FB34E8A4779409D11B2A9EDFECD70E9F0A6E3675E21547501CB78180117E965EA9416E1AAF124100CCE1DEFB3E406BFDA31E526E7924EDF1383B4297E33A2D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 7 x 13, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):197
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.986656121330302
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:yionv//thPlyyta2/uDlhlp8Lts7CX9/2yx24lSXqU3hjg/BFCb0cCHxlbVdMaW9:6v/lhP1b/6TsR/R0Zjgz89CXVdMndp
                                                                                                                                                                                                                                                                                        MD5:34760615AB0C180EB4B48739297FD0F2
                                                                                                                                                                                                                                                                                        SHA1:789438D09CC27A08879B1A9686C82527270E7C24
                                                                                                                                                                                                                                                                                        SHA-256:360C33D59E7358579601909D4CE91F1BCABF9E07BEB8F69D50C226D7D8F91260
                                                                                                                                                                                                                                                                                        SHA-512:1CE7E574D45D123C6B52119907E74D71B842F1CC380D79AEF876FDBC9FDB663F385BB4191650813D2E66EFE24265FD36EC944AF95F372C0413EDCF11361CA666
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4286
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.912342955561912
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:YY2q7UYWIzFhJFYo6syPYmSTZYVVQQT/VfygN6:YYh7TWqFpzTTGjT/VfyZ
                                                                                                                                                                                                                                                                                        MD5:A73B8189E32D3A97AE2FBF1A57931D49
                                                                                                                                                                                                                                                                                        SHA1:560A8EA628A89A82233BF4288166B54789242966
                                                                                                                                                                                                                                                                                        SHA-256:855F6B5EEA22A22F5F4ABCCEEED4B8969EFB3A99443036EB5EB64F5F46C8FD8E
                                                                                                                                                                                                                                                                                        SHA-512:2B016E28A7E63DE8FCAD90DDB38CCD5D875A22CF53D723E055B7C7C9B7589CB818883234C6682CA25112AF3CB4BA61A1AED384C1638C04905FC6FAFDD37F79A4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65447)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):89947
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.290839266829335
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:ENjxXU9rnxD9o5EZxkMVC6YLtg7HtDuU3zh8cmnPMEgWzJvBQUmkm4M5gPtcNRQK:EcqmCU3zhINzfmR4lb3e34UQ47GKL
                                                                                                                                                                                                                                                                                        MD5:CF2FBBF84281D9ECBFFB4993203D543B
                                                                                                                                                                                                                                                                                        SHA1:832A6A4E86DAF38B1975D705C5DE5D9E5F5844BC
                                                                                                                                                                                                                                                                                        SHA-256:A6F3F0FAEA4B3D48E03176341BEF0ED3151FFBF226D4C6635F1C6039C0500575
                                                                                                                                                                                                                                                                                        SHA-512:493A1FE319B5C2091F9BB85E5AA149567E7C1E6DC4B52DF55C569A81A6BC54C45E097024427259FA3132F0F082FE24F5F1D172F7959C131347153A8BCA9EF679
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):27928
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.701164569435742
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                                                                                                                                                                                                                                                                        MD5:862D29153222B9B15C3C73B61B930335
                                                                                                                                                                                                                                                                                        SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                                                                                                                                                                                                                                                                        SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                                                                                                                                                                                                                                                                        SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 1633 x 708, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):27928
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.701164569435742
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:xSufGKAfaoovahBv4apFM4lvzDpqFosGd+Up9FIK0B:jfUMve54E//fCiIK0B
                                                                                                                                                                                                                                                                                        MD5:862D29153222B9B15C3C73B61B930335
                                                                                                                                                                                                                                                                                        SHA1:391BEBF4BA8910B718C5516491EB1C7D32D4C187
                                                                                                                                                                                                                                                                                        SHA-256:3EC8FA41DCE2684102F4A7B2D993388809CC2F6AE0616807CA9E3D94E6D19AC2
                                                                                                                                                                                                                                                                                        SHA-512:6FFCB08DE27DFA571C8EF35E7F017F2871482581308C10CF38EFF9A507D02325222B899D667FC86227C2985ACA05F17C1CD33EF4163BE3442F70F8907BD78404
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 375 x 180, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):23972
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.983082688064765
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:OQCmhN3Hqqm87sSOvS8PJKCqedNV7TMzNjdpNQsjtHnUSQkBmSfYuoq9Dgt:dCmr3KqmIdO68MAnnWNjdpBSSQVfWDgt
                                                                                                                                                                                                                                                                                        MD5:64C4757048F068394817EE126FDBA8A6
                                                                                                                                                                                                                                                                                        SHA1:3610DC2EB5E3C09809E94BD0694A06C7A51580FF
                                                                                                                                                                                                                                                                                        SHA-256:A9FEC8F56726ECA81D0600220A6B168FFF112A5283741FD5EC63509AEDBB51D5
                                                                                                                                                                                                                                                                                        SHA-512:373EE45E16D231B2FF8A897A357A52A58B63430E0BCF728867879F2E10E55C631589D6F63C1675E2E40EB1EF7CEB59B15DF18013EA0F3FA352A3B36296F14DAB
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):18176
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.525633053475079
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:K4gN8sGygaEKfWYSJUKbO7UckxtBjCdY7mO3D0C5l+piEieDSV126ry1/XSGKwG3:K4gNFXiKfWfJ1Kockxbd7mAt5Mp5ie2F
                                                                                                                                                                                                                                                                                        MD5:5A34CB996293FDE2CB7A4AC89587393A
                                                                                                                                                                                                                                                                                        SHA1:3C96C993500690D1A77873CD62BC639B3A10653F
                                                                                                                                                                                                                                                                                        SHA-256:C6A5377CBC07EECE33790CFC70572E12C7A48AD8296BE25C0CC805A1F384DBAD
                                                                                                                                                                                                                                                                                        SHA-512:E1B7D0107733F81937415104E70F68B1BE6FD0CA65DCCF4FF72637943D44278D3A77F704AEDFF59D2DBC0D56A609B2590C8EC0DD6BC48AB30F1DAD0C07A0A3EE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):20088
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.960446462010607
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:SyZQ4HVAHTQfAzMFNBVKc96EKPjk8ND8F/5F:SyXVfAzq6cDKbk6gVH
                                                                                                                                                                                                                                                                                        MD5:2728042C20CE92434DC167E556BBF8C7
                                                                                                                                                                                                                                                                                        SHA1:6E12BBAED706ECE12E70CBDF485E766D53B9A2F1
                                                                                                                                                                                                                                                                                        SHA-256:61FE3400F2BDA883DF2D459FCC4152F3615583AAB66BD3543514B06D7315D7E6
                                                                                                                                                                                                                                                                                        SHA-512:4E898A7247DD3EE9ED78DE38DEA3C6CCAD3E303FBCDBD83EC9A276941585CFCF3DB50909B4C345BEDD4E0011EC7B9F5EA1227619FB25ADBCEC746B267774FDB6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):26542
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.97128165382585
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:SqtjEjKbnCL+BSDNvpGSfYiiaTno+cp8hb//fNR81urVdz0FmGxLrM28VGFg/IdC:SqimDChDbG5ix9bBVh0FXxLrM2owdxE
                                                                                                                                                                                                                                                                                        MD5:002928754E56BDEC47C626C2460DA757
                                                                                                                                                                                                                                                                                        SHA1:A5D8AB4FA7A3988E68D05F54F8D093A0545701E8
                                                                                                                                                                                                                                                                                        SHA-256:57E2C3DC2ACA9FF7CBF9BF247A31AF152D158E190A11ED182B79D3EA93EC690D
                                                                                                                                                                                                                                                                                        SHA-512:C2AF7F5F7457279FC0F238AAD430B9BB4244BED99A673D0E2749152ABC140084E5D23C1B1BA60A8B0D2106873CD7CEB99F76D72469E5CA4CDB2B6CF79025E5CE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 96 x 96, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4774
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.587160518713631
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:g0949qBhljdCmTSqCdOVtg9gTydz6FqIzeSO8+MnU0Odx042hmS4m:Rlf0ktKg+8FOSOAU0kij
                                                                                                                                                                                                                                                                                        MD5:3B7385626E0C2B7A98BE3A2C949E6620
                                                                                                                                                                                                                                                                                        SHA1:F34270AF3F647F71310D39FB60B68EF57FE2CB4B
                                                                                                                                                                                                                                                                                        SHA-256:43CFCA27B4C7B6000DD8852636EB822879E2A09E1ADA651B61E9F1A20790618E
                                                                                                                                                                                                                                                                                        SHA-512:E9036EA531772A4A57B74550E631F7FD49DF423A4A075719ED22845069BA3157CC10BD79A6E703B79F27AD1930A4172DDD52994271AE98EA2690B837B113CCC0
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.927133523851673
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:fP2gUrKApNAnweEmO+j4dP79Xut4VVtZI1lksdg/SP1tJbi9vY:fmpN8wZmO+j4FIWXIu/4HJs
                                                                                                                                                                                                                                                                                        MD5:99BEA6E84B9E07675D22D021450C7B33
                                                                                                                                                                                                                                                                                        SHA1:91E9A7AA941B019EA112587DB8470ADDF98FA3E1
                                                                                                                                                                                                                                                                                        SHA-256:AFEF5DDBCA05F8B4933C075E2FE25203148BFD149DF9322BF2E93608A628A649
                                                                                                                                                                                                                                                                                        SHA-512:F2249C87203087626FD25D563DD2032F053104D838B2A1817A9C629AC659205DB491C81294466D38F133946FAC3B90271137C279215B68DBF98A0580D5D917F9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):32768
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.247381939128456
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:fe4guXWAi3fJrePjdAsVpb1W2UnpZkcZv6lMGA:fpGAiPZyxpBwntZSyb
                                                                                                                                                                                                                                                                                        MD5:704EB4A423E787E2F4EF1E16DC1A5752
                                                                                                                                                                                                                                                                                        SHA1:51585056CB96F81338E4BE0C338E40F5F4A1C494
                                                                                                                                                                                                                                                                                        SHA-256:00B64CCDEC67167CEA94866FB0EA92D83F03C9CB4CCC66B15FF597F7645B8A0C
                                                                                                                                                                                                                                                                                        SHA-512:0D25EAB649AD422AF23DAFDE8142DF5B3C477F779DB09128B0007A7673C2CA09A5788F9525ADF058F1C74C883B2288BEECC12B8A2FCB253031EAC22511F346A9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text, with very long lines (58061), with CRLF line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):193463
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.45099765563528
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:IZc0PydBFOGFxiq6nI8khsNyh/P9OZ8TixYB:H0PyAGFxx6I8hNyhX91OxYB
                                                                                                                                                                                                                                                                                        MD5:BA9222E2CDB10193F3B933DBCEA1D33C
                                                                                                                                                                                                                                                                                        SHA1:5E428AC390C69BE152BB5B568E4B7E77CDA8946C
                                                                                                                                                                                                                                                                                        SHA-256:7A48271AEB278E91283A8D86E56D7B966BC4A6D3D254CE9843138896467A8655
                                                                                                                                                                                                                                                                                        SHA-512:9EC8249CF7200A5B2F6792E7F9E2EDB1DD2BBA0DC29443B97E1951B4043C5956663E38B123BC0EAE9C7C27382BFDDE380537DA353E5751D0A7908A19385F20BA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):265016
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.432282478805322
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:Zfl5uojPMEN6QHmFyKb3yhW2F0/Un4cjXdv6OwBKw:Zt5uo4VQHmFyGRUnDwBN
                                                                                                                                                                                                                                                                                        MD5:B90D56ACF9D4042F5C2AE9F80F9EE9B3
                                                                                                                                                                                                                                                                                        SHA1:67468B82C395D3EBE1A71FE522B0B76251AF23AF
                                                                                                                                                                                                                                                                                        SHA-256:F1967A4A81C911BEC92356023D235364E06007D30E0D74214DF090B31B70C19F
                                                                                                                                                                                                                                                                                        SHA-512:29079EBA76737196C6A3B437297B5C4935FDBC1E860E986D4A1D24857945BB1041B9672B6056244B6EB5B6629730DB961799F652B704FBA223C2E0712C606653
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (62058), with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):231714
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.762504689798511
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:Bl4m9UoyafT1Hjhw3dsrWnQHdiJg7hJ5BjNnaAyGJNyWVzskeUjlWSGu9bCxKYb1:Mm9rsg9KAvyWs7Gb9+Fb1Zzae
                                                                                                                                                                                                                                                                                        MD5:DD57DBBD4CA60B07BBF9627B551BFD27
                                                                                                                                                                                                                                                                                        SHA1:7AC81BC2AD716D8E5671FA60C59B3E11DECAD2BE
                                                                                                                                                                                                                                                                                        SHA-256:26100FF6DA050243DF7EAB42824655774C5B7E83534338E99316CA34DC48AE98
                                                                                                                                                                                                                                                                                        SHA-512:22ADADE786E17A4487AED3819CEF1E9A66C7011BDE1BE8FC7E20C8DFB9322BF0550EBE25293BCBE913ECC73BCCFD30F9891EA6703903D74F1C4291127828AC28
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4286
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8046022951415335
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:suZOWcCXPRS4QAUs/KBy3TYI42Apvl6wheXpktCH2Yn4KgISQggggFpz1k9PAYHu:HBRh+sCBykteatiBn4KWi1+Ne
                                                                                                                                                                                                                                                                                        MD5:DA597791BE3B6E732F0BC8B20E38EE62
                                                                                                                                                                                                                                                                                        SHA1:1125C45D285C360542027D7554A5C442288974DE
                                                                                                                                                                                                                                                                                        SHA-256:5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07
                                                                                                                                                                                                                                                                                        SHA-512:D8DC8358727590A1ED74DC70356AEDC0499552C2DC0CD4F7A01853DD85CEB3AEAD5FBDC7C75D7DA36DB6AF2448CE5ABDFF64CEBDCA3533ECAD953C061A9B338E
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (65448)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):94707
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.407635683386335
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:768:GSqLAEwLuZAFL1oL3SDk5v1VWkNWPEYydLLnnS+7ySGAEMbiYnRGwVKVt+RFVDh4:GJMCUCuW3WkNtnnDGgGwVKWklyGEQ
                                                                                                                                                                                                                                                                                        MD5:AA2BEDDF57312EF1CD312880E2729EBA
                                                                                                                                                                                                                                                                                        SHA1:8E53B59585F8C947924355AFDC72A62E27CD001C
                                                                                                                                                                                                                                                                                        SHA-256:16933DCF75634F75F0A09A67FB0FF7D9D0556188A888CDD89E05F2D21997BB51
                                                                                                                                                                                                                                                                                        SHA-512:64AC2CCE15619DA127C5F1B637BBB39C1EB3DB69DE30FB690863C7390EC0A6D0BA2BEE9B9BC20DFF2B4044D17CED483CE5294E624F792652E8E4E1AD6FFAD4DD
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11944
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.945172418389474
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:S4AAKR57zg1bx5vnSw0Re2sZJZbbcqiE3s6UEIJTm7T0MHDyf91LED32:S4ALR57zgpxdnCSJZbbxN3sXNoV2M2
                                                                                                                                                                                                                                                                                        MD5:E40B0C5282B23048AF7FBC0242492EC3
                                                                                                                                                                                                                                                                                        SHA1:2C548417533437EC8C57468384BA97C2303E7E12
                                                                                                                                                                                                                                                                                        SHA-256:B8B194AC42E4717FDDFD0CC16E7B5FB260A7EB4C84F87DA9A17CFE61A2D92631
                                                                                                                                                                                                                                                                                        SHA-512:9015FDBE2F6ADE6AF453B0597E65E9062CFC54D285299541415C11777569228BB312AE8463F83D36DF3C7F93E5518CBEF943FB6076AE51D234F8CE9D87EDB213
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):20948
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.965239484610933
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:384:SL4/BQdKjNvx2GI7k9GtS/twdabBU21lEyIuOXHyMhhDXDMx2UErT:SKNvUGGCyS/Wsd+3hBgtE/
                                                                                                                                                                                                                                                                                        MD5:BB810CAD9A74CF92A4D95E0D0D8ADFD7
                                                                                                                                                                                                                                                                                        SHA1:47E96BA5CD0C256821295C06285A852B2A74A3E2
                                                                                                                                                                                                                                                                                        SHA-256:54A1DB44D829AB0718A4842ABC5882E67BB517859908AB127F4D434272D9B49F
                                                                                                                                                                                                                                                                                        SHA-512:D79AF742D26E2B2884410923872C1A63EC09F7D848288C78B858AD4FE1FA8D3659DC1235AAA63D8BA5A37DA8BAEEDA406B003F175F0B811F28ECCCF636EB1F9D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 300x157, components 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11851
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.929703900977787
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:SKPEj29vLXeoAZLOwOsHJD+l/e3wFTbeu9pwGIS+FFspNwQXiYVmgk27h633SjVp:Sv2VLXzAliHGwFqqqGF+FO+xYcgk2Yyr
                                                                                                                                                                                                                                                                                        MD5:7716C395F04C758066DA4240FB11051B
                                                                                                                                                                                                                                                                                        SHA1:14171F5515A50B8B3A7CF494098FFB2EA7415845
                                                                                                                                                                                                                                                                                        SHA-256:5D4BE16F409332D561122C9FA76F8C75ACAA50D8D723F30F367FB49A29FBBB2E
                                                                                                                                                                                                                                                                                        SHA-512:C86F3DBE25937660E63D36B3E2E9C01F782ED49E660F067FBA462E12F9555A23015DC8D140E67633AAB3A51EFC36360201A93C98016CF55B86C2ABB13AFE3175
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (44387), with NEL line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):194844
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.419132326845799
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:oSYgu0Mj/PJ3floxEsQtzbwDZ777/3DwLps0p:oSYguVJvSa5+Z7uOE
                                                                                                                                                                                                                                                                                        MD5:1C8B7CFD513B7ECA52BA64947CEE70E4
                                                                                                                                                                                                                                                                                        SHA1:6BA3FBE2E7514E981EB68E9A92E9EA7A499CCC0C
                                                                                                                                                                                                                                                                                        SHA-256:D1730E14E7E3D2362E6C5FF0C9C36E08660F87317EC44551FAED419263240F2C
                                                                                                                                                                                                                                                                                        SHA-512:1F6567D3870CFBE002CD447135020C9F1319DFAB76E3CEAFE4C62BDD79F78F2AB3E5958DE9E068A3937E1C469978FC2E4A56015B82E06FE1377A78B47D1B06DC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):138356
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                        MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                        SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                        SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                        SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 276634
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):242356
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.991210403664034
                                                                                                                                                                                                                                                                                        Encrypted:true
                                                                                                                                                                                                                                                                                        SSDEEP:6144:nvRDe2ei//LiBCNBs4vIVeMRhzb6d0X7ayNC:nde2edcbveZRFW0X2yk
                                                                                                                                                                                                                                                                                        MD5:B73A9C52EF76DD9F575BDCF919B05902
                                                                                                                                                                                                                                                                                        SHA1:A7ED2E7B5F85D6E502B538FDEBD91343D811E55A
                                                                                                                                                                                                                                                                                        SHA-256:EF05EE3FA07D46FDDD88DA7760509F7BA658D3A9A5696004404F5A128349B323
                                                                                                                                                                                                                                                                                        SHA-512:01EB2E462F3EDE544A66C0EEABA9172B668B6EA20D2FEF5A3DD2217E60ED42F70523F194B8901A48CDA3E55E1F65A14BAB2FBE3B34D2CB410B1939B9BB7B4CBC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:L:L
                                                                                                                                                                                                                                                                                        MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                                                        SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                                                        SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                                                        SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1420
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.40991839452367
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:YK0bl5r75riCe0qW+5Ua02EHP5IKL0jZ5JwbX/B+L02RDj5DOcoI02OBip5M:YK0bl5r75riN0qW+5Ua02sP5IKL0jZ5A
                                                                                                                                                                                                                                                                                        MD5:2DAC7977AC1CEFBA0573D5E9EA829F39
                                                                                                                                                                                                                                                                                        SHA1:49B3A2AFAC4424C6093C8D82807E17996AC1B079
                                                                                                                                                                                                                                                                                        SHA-256:10A0F1F9960506CE5E9A1C1B460EA877C0D8D2094FE501EDE71594F66E3068B8
                                                                                                                                                                                                                                                                                        SHA-512:FAB3543B898E7C58ED014ABAFAC4ABA258880EB6903B2C3649B4077F83AE2B24DE1B60CF6B044A75606CDABDDE7A8F405739C96AF8692A0933E2861B861A0D39
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"logTime": "1005/074019", "correlationVector":"Jzai6BfByv5amZ45/NBe5r","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"eO8FwRQNRwFtIUhPNa0yBN","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/074027", "correlationVector":"DFCC0B139A2547CAA3433B33892C7FE6","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075031", "correlationVector":"bWXPYvVSVVANvrGBV6dHxn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075032", "correlationVector":"4CD8E3A1D096444AAB77DA6A690C4356","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075123", "correlationVector":"t3DmiSvoNTibe+/mLDIMfl","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075124", "correlationVector":"B2B504519464422FA5C6E610072CF270","action":"FETCH_UX_CONFIG", "result":""}.{"logTime": "1005/075313", "correlationVector":"/q9eTq3f/ZawbQrLDVWKju","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1005/075314", "correlationVector":"138D0C7D
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1753
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.8889033066924155
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                                                                                                                                                                                        MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                                                                                                                                                                                        SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                                                                                                                                                                                        SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                                                                                                                                                                                        SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):9815
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.1716321262973315
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                                                                                                                                                                                        MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                                                                                                                                                                                        SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                                                                                                                                                                                        SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                                                                                                                                                                                        SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):10388
                                                                                                                                                                                                                                                                                        Entropy (8bit):6.174387413738973
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                                                                                                                                                                                        MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                                                                                                                                                                                        SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                                                                                                                                                                                        SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                                                                                                                                                                                        SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):962
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.698567446030411
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                                                                                                                                                                                        MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                                                                                                                                                                                        SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                                                                                                                                                                                        SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                                                                                                                                                                                        SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11185
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.951995436832936
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                                                                                                                                                                                        MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                                                                                                                                                                                        SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                                                                                                                                                                                        SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                                                                                                                                                                                        SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:Google Chrome extension, version 3
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):138356
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.809609231921042
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3072:AQ++ZdS5+fnwcxO+XwquyeNnmraugZ/1DOoncWD/5q:AQ++/PZmlyeNnh/1SmRq
                                                                                                                                                                                                                                                                                        MD5:3F6F93C3DCCD4A91C4EB25C7F6FEB1C1
                                                                                                                                                                                                                                                                                        SHA1:9B73F46ADFA1F4464929B408407E73D4535C6827
                                                                                                                                                                                                                                                                                        SHA-256:19F05352CB4C6E231C1C000B6C8B7E9EDCC1E8082CAF46FFF16B239D32AA7C9E
                                                                                                                                                                                                                                                                                        SHA-512:D488FA67E3A29D0147E9EAF2EABC74D9A255F8470CF79A4AEA60E3B3B5E48A3FCBC4FC3E9CE58DFF8D7D0CAA8AE749295F221E1FE1BA5D20DEB2D97544A12BA4
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):4982
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.929761711048726
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                                                                                                                                                                                        MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                                                                                                                                                                                        SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                                                                                                                                                                                        SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                                                                                                                                                                                        SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):908
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.512512697156616
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                                                                                                                                                                                        MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                                                                                                                                                                                        SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                                                                                                                                                                                        SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                                                                                                                                                                                        SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1285
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.702209356847184
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                                                                                                                                                                                                                                        MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                                                                                                                                                                                                                                        SHA1:58979859B28513608626B563138097DC19236F1F
                                                                                                                                                                                                                                                                                        SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                                                                                                                                                                                                                                        SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1244
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5533961615623735
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                                                                                                                                                                                                                                        MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                                                                                                                                                                                                                                        SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                                                                                                                                                                                                                                        SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                                                                                                                                                                                                                                        SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.867640976960053
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                                                                                                                                                                                                                                        MD5:9A798FD298008074E59ECC253E2F2933
                                                                                                                                                                                                                                                                                        SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                                                                                                                                                                                                                                        SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                                                                                                                                                                                                                                        SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3107
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.535189746470889
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                                                                                                                                                                                                                                        MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                                                                                                                                                                                                                                        SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                                                                                                                                                                                                                                        SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                                                                                                                                                                                                                                        SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1389
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.561317517930672
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                                                                                                                                                                                                                                        MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                                                                                                                                                                                                                                        SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                                                                                                                                                                                                                                        SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                                                                                                                                                                                                                                        SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1763
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.25392954144533
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                                                                                                                                                                                                                                        MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                                                                                                                                                                                                                                        SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                                                                                                                                                                                                                                        SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                                                                                                                                                                                                                                        SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):930
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569672473374877
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):913
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.947221919047
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):806
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.815663786215102
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):883
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.5096240460083905
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1031
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621865814402898
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1613
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.618182455684241
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):851
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4858053753176526
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                                                                                                                                                                                        MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                                                                                                                                                                                        SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                                                                                                                                                                                        SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                                                                                                                                                                                        SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):848
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.494568170878587
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                                                                                                                                                                                        MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                                                                                                                                                                                        SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                                                                                                                                                                                        SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                                                                                                                                                                                        SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1425
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.461560329690825
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                                                                                                                                                                                        MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                                                                                                                                                                                        SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                                                                                                                                                                                        SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                                                                                                                                                                                        SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):961
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.537633413451255
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                                                                                                                                                                                        MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                                                                                                                                                                                        SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                                                                                                                                                                                        SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                                                                                                                                                                                        SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):959
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.570019855018913
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                                                                                                                                                                                        MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                                                                                                                                                                                        SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                                                                                                                                                                                        SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                                                                                                                                                                                        SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):968
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.633956349931516
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):838
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4975520913636595
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1305
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.673517697192589
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):911
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6294343834070935
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):939
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.451724169062555
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):977
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.622066056638277
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):972
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.621319511196614
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):990
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.497202347098541
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                                                                                                                                                                                        MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                                                                                                                                                                                        SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                                                                                                                                                                                        SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                                                                                                                                                                                        SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1658
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.294833932445159
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                                                                                                                                                                                        MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                                                                                                                                                                                        SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                                                                                                                                                                                        SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                                                                                                                                                                                        SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1672
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.314484457325167
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                                                                                                                                                                                        MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                                                                                                                                                                                        SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                                                                                                                                                                                        SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                                                                                                                                                                                        SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):935
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6369398601609735
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                                                                                                                                                                                        MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                                                                                                                                                                                        SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                                                                                                                                                                                        SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                                                                                                                                                                                        SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1065
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.816501737523951
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                                                                                                                                                                                        MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                                                                                                                                                                                        SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                                                                                                                                                                                        SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                                                                                                                                                                                        SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2771
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7629875118570055
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                                                                                                                                                                                        MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                                                                                                                                                                                        SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                                                                                                                                                                                        SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                                                                                                                                                                                        SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):858
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474411340525479
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                                                                                                                                                                                        MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                                                                                                                                                                                        SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                                                                                                                                                                                        SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                                                                                                                                                                                        SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):954
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6457079159286545
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:YGXU2rOcxGe+J97M9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95Mw89KkJ+je:YwBrD2g2DBLMfFuWvdpY94viDO+uh
                                                                                                                                                                                                                                                                                        MD5:CAEB37F451B5B5E9F5EB2E7E7F46E2D7
                                                                                                                                                                                                                                                                                        SHA1:F917F9EAE268A385A10DB3E19E3CC3ACED56D02E
                                                                                                                                                                                                                                                                                        SHA-256:943E61988C859BB088F548889F0449885525DD660626A89BA67B2C94CFBFBB1B
                                                                                                                                                                                                                                                                                        SHA-512:A55DEC2404E1D7FA5A05475284CBECC2A6208730F09A227D75FDD4AC82CE50F3751C89DC687C14B91950F9AA85503BD6BF705113F2F1D478E728DF64D476A9EE
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google-skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google-skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):899
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.474743599345443
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                                                                                                                                                                                        MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                                                                                                                                                                                        SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                                                                                                                                                                                        SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                                                                                                                                                                                        SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2230
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8239097369647634
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                                                                                                                                                                                        MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                                                                                                                                                                                        SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                                                                                                                                                                                        SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                                                                                                                                                                                        SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1160
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.292894989863142
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                                                                                                                                                                                        MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                                                                                                                                                                                        SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                                                                                                                                                                                        SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                                                                                                                                                                                        SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3264
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.586016059431306
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                                                                                                                                                                                        MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                                                                                                                                                                                        SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                                                                                                                                                                                        SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                                                                                                                                                                                        SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3235
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.6081439490236464
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                                                                                                                                                                                        MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                                                                                                                                                                                        SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                                                                                                                                                                                        SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                                                                                                                                                                                        SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3122
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.891443295908904
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1895
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.28990403715536
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1042
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.3945675025513955
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2535
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.8479764584971368
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1028
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.797571191712988
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):994
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.700308832360794
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2091
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.358252286391144
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                                                                                                                                                                                        MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                                                                                                                                                                                        SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                                                                                                                                                                                        SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                                                                                                                                                                                        SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2778
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.595196082412897
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                                                                                                                                                                                        MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                                                                                                                                                                                        SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                                                                                                                                                                                        SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                                                                                                                                                                                        SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1719
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.287702203591075
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                                                                                                                                                                                        MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                                                                                                                                                                                        SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                                                                                                                                                                                        SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                                                                                                                                                                                        SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):936
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.457879437756106
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                                                                                                                                                                                        MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                                                                                                                                                                                        SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                                                                                                                                                                                        SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                                                                                                                                                                                        SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):3830
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.5483353063347587
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                                                                                                                                                                                        MD5:342335A22F1886B8BC92008597326B24
                                                                                                                                                                                                                                                                                        SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                                                                                                                                                                                        SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                                                                                                                                                                                        SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1898
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.187050294267571
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                                                                                                                                                                                        MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                                                                                                                                                                                        SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                                                                                                                                                                                        SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                                                                                                                                                                                        SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.513485418448461
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                                                                                                                                                                                        MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                                                                                                                                                                                        SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                                                                                                                                                                                        SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                                                                                                                                                                                        SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):878
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.4541485835627475
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                                                                                                                                                                                        MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                                                                                                                                                                                        SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                                                                                                                                                                                        SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                                                                                                                                                                                        SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2766
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.839730779948262
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                                                                                                                                                                                        MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                                                                                                                                                                                        SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                                                                                                                                                                                        SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                                                                                                                                                                                        SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):978
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.879137540019932
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                                                                                                                                                                                        MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                                                                                                                                                                                        SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                                                                                                                                                                                        SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                                                                                                                                                                                        SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):907
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.599411354657937
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                                                                                                                                                                                        MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                                                                                                                                                                                        SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                                                                                                                                                                                        SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                                                                                                                                                                                        SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):914
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.604761241355716
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                                                                                                                                                                                        MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                                                                                                                                                                                        SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                                                                                                                                                                                        SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                                                                                                                                                                                        SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):937
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686555713975264
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                                                                                                                                                                                        MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                                                                                                                                                                                        SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                                                                                                                                                                                        SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                                                                                                                                                                                        SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1337
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.69531415794894
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                                                                                                                                                                                        MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                                                                                                                                                                                        SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                                                                                                                                                                                        SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                                                                                                                                                                                        SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2846
                                                                                                                                                                                                                                                                                        Entropy (8bit):3.7416822879702547
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                                                                                                                                                                                        MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                                                                                                                                                                                        SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                                                                                                                                                                                        SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                                                                                                                                                                                        SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u0db1\u0dc0 \u0dbd\u0dda\u0d9b\u0db1\u0dba\u0d9a\u0dca \u0dc3\u0dcf\u0daf\u0db1\u0dca\u0db1"},"explanationofflinedisabled":{"message":"\u0d94\u0db6 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2\u0dba. \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd \u0dc3\u0db8\u0dca\u0db6\u0db1\u0dca\u0db0\u0dad\u0dcf\u0dc0\u0d9a\u0dca \u0db1\u0ddc\u0db8\u0dd0\u0dad\u0dd2\u0dc0 Google Docs \u0db7\u0dcf\u0dc0\u0dd2\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8\u0da7, Google Docs \u0db8\u0dd4\u0dbd\u0dca \u0db4\u0dd2\u0da7\u0dd4\u0dc0 \u0db8\u0dad \u0dc3\u0dd0\u0d9a\u0dc3\u0dd3\u0db8\u0dca \u0dc0\u0dd9\u0dad \u0d9c\u0ddc\u0dc3\u0dca \u0d94\u0db6 \u0d8a\u0dc5\u0d9f \u0d85\u0dc0\u0dc3\u0dca\u0dae\u0dcf\u0dc0\u0dda \u0d85\u0db1\u0dca\u0dad\u0dbb\u0dca\u0da2\u0dcf\u0dbd\u0dba\u0da7 \u0dc3\u0db6\u0dd0\u0db3\u0dd2 \u0dc0\u0dd2\u0da7 \u0db1\u0ddc\u0db6\u0dd0\u0db3\u0dd2 \u0dc3\u0db8\u0db8\u0dd4\u0dc4\u0dd4\u0dbb\u0dca\u0dad \u0d9a\u0dd2\u0dbb\u0dd3\u0db8 \u0d9a\u0dca\u200d\u0dbb\u0dd2\u0dba\u0dc
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):934
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.882122893545996
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                                                                                                                                                                                        MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                                                                                                                                                                                        SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                                                                                                                                                                                        SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                                                                                                                                                                                        SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):963
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.6041913416245
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                                                                                                                                                                                        MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                                                                                                                                                                                        SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                                                                                                                                                                                        SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                                                                                                                                                                                        SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1320
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.569671329405572
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                                                                                                                                                                                        MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                                                                                                                                                                                        SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                                                                                                                                                                                        SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                                                                                                                                                                                        SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):884
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.627108704340797
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                                                                                                                                                                                        MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                                                                                                                                                                                        SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                                                                                                                                                                                        SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                                                                                                                                                                                        SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):980
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50673686618174
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                                                                                                                                                                                        MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                                                                                                                                                                                        SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                                                                                                                                                                                        SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                                                                                                                                                                                        SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1941
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.132139619026436
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                                                                                                                                                                                        MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                                                                                                                                                                                        SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                                                                                                                                                                                        SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                                                                                                                                                                                        SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1969
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.327258153043599
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                                                                                                                                                                                        MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                                                                                                                                                                                        SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                                                                                                                                                                                        SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                                                                                                                                                                                        SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1674
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.343724179386811
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                                                                                                                                                                                        MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                                                                                                                                                                                        SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                                                                                                                                                                                        SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                                                                                                                                                                                        SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1063
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.853399816115876
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                                                                                                                                                                                        MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                                                                                                                                                                                        SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                                                                                                                                                                                        SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                                                                                                                                                                                        SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1333
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.686760246306605
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                                                                                                                                                                                        MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                                                                                                                                                                                        SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                                                                                                                                                                                        SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                                                                                                                                                                                        SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1263
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.861856182762435
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                                                                                                                                                                                        MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                                                                                                                                                                                        SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                                                                                                                                                                                        SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                                                                                                                                                                                        SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1074
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.062722522759407
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                                                                                                                                                                                        MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                                                                                                                                                                                        SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                                                                                                                                                                                        SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                                                                                                                                                                                        SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):879
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.7905809868505544
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                                                                                                                                                                                        MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                                                                                                                                                                                        SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                                                                                                                                                                                        SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                                                                                                                                                                                        SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):1205
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.50367724745418
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                                                                                                                                                                                        MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                                                                                                                                                                                        SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                                                                                                                                                                                        SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                                                                                                                                                                                        SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):843
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.76581227215314
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                                                                                                                                                                                        MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                                                                                                                                                                                        SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                                                                                                                                                                                        SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                                                                                                                                                                                        SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):912
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65963951143349
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                                                                                                                                                                                        MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                                                                                                                                                                                        SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                                                                                                                                                                                        SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                                                                                                                                                                                        SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):11280
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.751992630887702
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsNLJtwg+K8HNnswuHEIIMuuqd7CKqvUpGTcjG:m8IEI4u8Rp
                                                                                                                                                                                                                                                                                        MD5:250C48F4915DD4C0DFA7E7E021A4F066
                                                                                                                                                                                                                                                                                        SHA1:092A98BF40D8C18280393BF3811A7DFA9A9FD326
                                                                                                                                                                                                                                                                                        SHA-256:26D9B129339E2E2EB8E0223E16DB3CF0EA220AC0799480D462C236E6A425665E
                                                                                                                                                                                                                                                                                        SHA-512:8B18E232992E55E8DA97AC46D7AACA061508341D1EADCEFF1E9D0677734DFA8B892AB44754A3AA100585F5B2F2562BC4F2D7103065050FFCD00F91D5915CE5E6
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:[{"description":"treehash per file","signed_content":{"payload":"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
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):854
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.284628987131403
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                                                                                                                                                                                        MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                                                                                                                                                                                        SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                                                                                                                                                                                        SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                                                                                                                                                                                        SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:JSON data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):2525
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.417833205646285
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1K9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APKgiVb
                                                                                                                                                                                                                                                                                        MD5:236D2DD305D64C2B6ABD232ED53270DF
                                                                                                                                                                                                                                                                                        SHA1:9F6885E95FBC4213631F0B0EA49C803D07D34136
                                                                                                                                                                                                                                                                                        SHA-256:2A4D526B9D1C8665427FB9E0DA58D16FDDE382DD74C1258941B18701EF7880C3
                                                                                                                                                                                                                                                                                        SHA-512:B76AF22153F79BCA2429A23746A62A430A521E952E7F94936648ECFD25AFDD9801ACBF6FD16941918A4FEDE39DE747AB6C6336BC86CA74384920AF7E815DB855
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:HTML document, ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):97
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.862433271815736
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                                                                                                                                                                                        MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                                                                                                                                                                                        SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                                                                                                                                                                                        SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                                                                                                                                                                                        SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3777)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):98880
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.414989230634404
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:M+TW9bPq1M3ZOC0pJ/BjXf3Zk/7hry6fq66V3gr9KUw5SXfPxhZhGurH6c/V:WPLZwJJXf3ZvRV3gJKU/fP+urHRV
                                                                                                                                                                                                                                                                                        MD5:DC93A1045D1AD8D7ADD06B93B2FE79E2
                                                                                                                                                                                                                                                                                        SHA1:CAFCC8DB7F8E3FD2F8C1EFAC7B385D7616F55EA3
                                                                                                                                                                                                                                                                                        SHA-256:D5CEB4449384CD2D7898C052B7B99417961880945FC4EAE80EBBAF8E24CC0A3E
                                                                                                                                                                                                                                                                                        SHA-512:025F7103D1F7D607825BE916D0131C1E04B295EB562974A77F5A16E7BF40250B5608071779B420E4738F86F09A6F7C889469FA898268894FFFEEB7465C589E81
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function l(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):291
                                                                                                                                                                                                                                                                                        Entropy (8bit):4.65176400421739
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                                                                                                                                                                                        MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                                                                                                                                                                                        SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                                                                                                                                                                                        SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                                                                                                                                                                                        SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                                                                                                                                                                                        Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        File Type:ASCII text, with very long lines (3782)
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):107677
                                                                                                                                                                                                                                                                                        Entropy (8bit):5.396220758526552
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:7nwyvB1qCo7mWUgsUopF5Xy4FlAwxdhvHcrdncqAKxwjBnKwIDQgrOChkPIgmrCp:wh6gstXy4FM5ncJKxCnKWgrd0v
                                                                                                                                                                                                                                                                                        MD5:E8015AC436B33034EDF7DA060E853A04
                                                                                                                                                                                                                                                                                        SHA1:62D0F6EB0E441158A1F56F6E0C70D3D229B57886
                                                                                                                                                                                                                                                                                        SHA-256:23C953E989FF4AF6126D4A3B2AD21B33A82512FC8768045C00F05940DE2C9978
                                                                                                                                                                                                                                                                                        SHA-512:C35AC8692FC22B78365CA202E173A90AE4B5DBA338B7FC9EEB17EDDF5868B52CF1D13DC0EDAF36BE1CC0E0152F41AC4027C51D7ECA27778B483E3FC83F11EA82
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Preview:'use strict';function aa(){return function(a){return a}}function ba(){return function(){}}function k(a){return function(){return this[a]}}function ca(a){return function(){return a}}var n;function da(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function fa(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=fa(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new Ty
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.09342891393463698
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:a/vllIcalyPSQl3+tsMdueSl1Nt6YsK+aueSl1:i9lIcatQ0tfRwH5yaRw
                                                                                                                                                                                                                                                                                        MD5:DE635AC5298E720DA3160D8930739991
                                                                                                                                                                                                                                                                                        SHA1:C32955F5DBB4F1E3C77E20F7AA0F6E9F7B4268BE
                                                                                                                                                                                                                                                                                        SHA-256:B6C3A3C133EE5E361CB52BE8C09E1112A0583A4C9D7BDF0E2A0D848C478F2E9D
                                                                                                                                                                                                                                                                                        SHA-512:72DD267E8EFA49E5FED9EB6E90BB3B006FE4B25426CD577163CE8B13A251C210352B69F74E5678565B24ED29965DA06A32743F750E14981884926F1A28A0507A
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.13468872724990194
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:6:yh4P71KaQUcVbhsKGg34y3WoK373kRb1:uwhBcVbh7934y38373
                                                                                                                                                                                                                                                                                        MD5:244982E93EA0FA05B603B6C7DD246504
                                                                                                                                                                                                                                                                                        SHA1:388DB76100498E8516D40509567BC1C47DB2B5A9
                                                                                                                                                                                                                                                                                        SHA-256:1038BF9FC9AB73B93A42F4BF91AC47334690E03B446CB168BC847CDAEFD47744
                                                                                                                                                                                                                                                                                        SHA-512:797DE5EEFA31A3588FA149AB61B88C7B09BF96060120426CE2987C09D2C4D9F157E25FC175A52E34A502861861A287C6A66E3EA4E4D011FC05E988F7AAF4A154
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.2364979660455589
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN16gJ8H1C:9vqyVKvqy6yEyvy5DlsNUAc
                                                                                                                                                                                                                                                                                        MD5:766DC8C2D2B704377A5D7A7CF489F4B1
                                                                                                                                                                                                                                                                                        SHA1:DD1B20EA878BAC7D8AEB1A77C3EEE35429A069BE
                                                                                                                                                                                                                                                                                        SHA-256:56669F04C60CBD07A2EE32D7B66236E4DE354EE94A1C34BAF25B6B3ED203E159
                                                                                                                                                                                                                                                                                        SHA-512:59EAE579720FCD522F65D796101FD2B16EE20DD5D9812386436345BFE009961C3A6785F994E85AAFAEDC9F198E58BC671D367377550604CD99CF76EB88211E94
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.5192341155055568
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:24:9vqyVKvqy6yEyvy5DlsN5AcoAhfy0zDQToRUYM:9SgKS9LYu0OufygjRUYM
                                                                                                                                                                                                                                                                                        MD5:8F27DFE1AF2A1D08BDC73CD62A592D81
                                                                                                                                                                                                                                                                                        SHA1:2C508F83471CA1189448CBE27766132A814E5C49
                                                                                                                                                                                                                                                                                        SHA-256:8AD884C94C3924B4A0DE9AC0AFC1024A79C342EC315A8162537A1A5FEAB90080
                                                                                                                                                                                                                                                                                        SHA-512:3ECF9508021BDFE0AD9653C9D9F731F6FF773F4167289D360683FC73021FDB11381E9819B473E21C33DE963BC84F3E6B2F4CAD57EE2131FEA022C6B2D72308D3
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        File Type:data
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):16384
                                                                                                                                                                                                                                                                                        Entropy (8bit):0.2518257143137902
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:12:3NvM7yGpSU3NvM7y8Dy+DygoDyKqDlsN2cgJ8H1CdcH:9vqyVKvqy6yEyvy5DlsN5Acqs
                                                                                                                                                                                                                                                                                        MD5:004CAFA99C4C60985C328AFB29FEA50D
                                                                                                                                                                                                                                                                                        SHA1:2238CB441307DD14596A019DDAE3310585C41D5D
                                                                                                                                                                                                                                                                                        SHA-256:519E46DDE2B41C058BD09CA79C9BF37BB5DA3DA1460BBB275DE8E82F933ED4C9
                                                                                                                                                                                                                                                                                        SHA-512:08CF857A22615AF4A9F778166BD3C16C2794CAE64F107127134857C212B3985ABB955C52B1214B0F2A63978ACB28861F375F5D651F74FD56261588D1D6EECD10
                                                                                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                                                                                        Process:C:\Windows\System32\loaddll32.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):56320
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.885141518979198
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY
                                                                                                                                                                                                                                                                                        MD5:FF5E1F27193CE51EEC318714EF038BEF
                                                                                                                                                                                                                                                                                        SHA1:B4FA74A6F4DAB3A7BA702B6C8C129F889DB32CA6
                                                                                                                                                                                                                                                                                        SHA-256:FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
                                                                                                                                                                                                                                                                                        SHA-512:C9D654EAD35F40EEA484A3DC5B5D0A44294B9E7B41A9BACDAFDD463D3DE9DAA2A43237A5F113F6A9C8EA5E1366823FD3D83DA18CD8197AA69A55E9F345512A7A
                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                                        • Rule: MAL_Ramnit_May19_1, Description: Detects Ramnit malware, Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Author: Florian Roth
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                                                                                                                                                        Preview:MZ......................@.......................................................................................................................................................................................................................................PE..L....|.G............................0.............@.................................................................................................................................................................................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................................3.03.UPX!....
                                                                                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                                                                                        Size (bytes):56320
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.885141518979198
                                                                                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                                                                                        SSDEEP:1536:Q+hzRsibKplyXTq8OGRnsPFG+RODTb7MXL5uXZnzE:bROzoTq0+RO7IwnY
                                                                                                                                                                                                                                                                                        MD5:FF5E1F27193CE51EEC318714EF038BEF
                                                                                                                                                                                                                                                                                        SHA1:B4FA74A6F4DAB3A7BA702B6C8C129F889DB32CA6
                                                                                                                                                                                                                                                                                        SHA-256:FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320
                                                                                                                                                                                                                                                                                        SHA-512:C9D654EAD35F40EEA484A3DC5B5D0A44294B9E7B41A9BACDAFDD463D3DE9DAA2A43237A5F113F6A9C8EA5E1366823FD3D83DA18CD8197AA69A55E9F345512A7A
                                                                                                                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                                                                                                                        Yara Hits:
                                                                                                                                                                                                                                                                                        • Rule: MAL_Ramnit_May19_1, Description: Detects Ramnit malware, Source: C:\Windows\SysWOW64\rundll32Srv.exe, Author: Florian Roth
                                                                                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                                                                                                                                                                                                        Preview:MZ......................@.......................................................................................................................................................................................................................................PE..L....|.G............................0.............@.................................................................................................................................................................................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................................3.03.UPX!....
                                                                                                                                                                                                                                                                                        File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                        Entropy (8bit):7.504137978064402
                                                                                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                                                                                        • Win32 Dynamic Link Library (generic) (1002004/3) 99.60%
                                                                                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.20%
                                                                                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.20%
                                                                                                                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                                                                                        File name:WSock.dll
                                                                                                                                                                                                                                                                                        File size:94'208 bytes
                                                                                                                                                                                                                                                                                        MD5:3612fee7ae3ee6480c3804845c579255
                                                                                                                                                                                                                                                                                        SHA1:6254940b4247ba8a0581a362813be070d0e34b99
                                                                                                                                                                                                                                                                                        SHA256:990357fe141b7e0ef376eb3d71279a6d160f8bbbd3e6d25e269c34af50e6ef04
                                                                                                                                                                                                                                                                                        SHA512:ff0e160782039acc1f33a8beddcc8b58324fc61cde7b3b63346ab1295c9d6c2887fe0360bab23c978d893c9d228338e6c46790394a6b04ad17eca96d5da23b63
                                                                                                                                                                                                                                                                                        SSDEEP:1536:YbeVnaYp+HbnvyeUMfF5TF4LIDA8VeKF0tk/Y88/3TGo3Mqr8j98ypwm/RO43gYZ:YdTfFUO1UO0q/YP/3Tr3MqgOPk99q2c
                                                                                                                                                                                                                                                                                        TLSH:7093CF11B71010F2E4665A7A22EE4B76721F6C011BF053C35F3CE98DAF369E5A93A712
                                                                                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M...M...M.......Y...............L.......O...M...........J.......H.......L.......L.......L...RichM...................PE..L..
                                                                                                                                                                                                                                                                                        Icon Hash:7ae282899bbab082
                                                                                                                                                                                                                                                                                        Entrypoint:0x1000d000
                                                                                                                                                                                                                                                                                        Entrypoint Section:.rmnet
                                                                                                                                                                                                                                                                                        Digitally signed:false
                                                                                                                                                                                                                                                                                        Imagebase:0x10000000
                                                                                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DLL
                                                                                                                                                                                                                                                                                        DLL Characteristics:
                                                                                                                                                                                                                                                                                        Time Stamp:0x3DB4B4D8 [Tue Oct 22 02:15:52 2002 UTC]
                                                                                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                        Import Hash:d6c5532ab4e867800429b207c6f6d4d8
                                                                                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                                                                                        pushad
                                                                                                                                                                                                                                                                                        call 00007F280D061D65h
                                                                                                                                                                                                                                                                                        pop ebp
                                                                                                                                                                                                                                                                                        mov eax, ebp
                                                                                                                                                                                                                                                                                        sub ebp, 20016F32h
                                                                                                                                                                                                                                                                                        sub eax, dword ptr [ebp+20017250h]
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp+2001724Ch], eax
                                                                                                                                                                                                                                                                                        mov al, 00h
                                                                                                                                                                                                                                                                                        xchg byte ptr [ebp+2001749Eh], al
                                                                                                                                                                                                                                                                                        cmp al, 01h
                                                                                                                                                                                                                                                                                        jne 00007F280D062044h
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+2001724Ch]
                                                                                                                                                                                                                                                                                        sub eax, dword ptr [ebp+20017258h]
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp+200173EAh], eax
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [ebp+2001724Ch]
                                                                                                                                                                                                                                                                                        sub eax, dword ptr [ebp+2001725Ch]
                                                                                                                                                                                                                                                                                        mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp+200173F2h], eax
                                                                                                                                                                                                                                                                                        cmp dword ptr [ebp+200173F2h], 00000000h
                                                                                                                                                                                                                                                                                        je 00007F280D06200Fh
                                                                                                                                                                                                                                                                                        cmp dword ptr [ebp+200173EAh], 00000000h
                                                                                                                                                                                                                                                                                        je 00007F280D062002h
                                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp+2001748Dh]
                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                        call dword ptr [ebp+200173EAh]
                                                                                                                                                                                                                                                                                        cmp eax, 00000000h
                                                                                                                                                                                                                                                                                        je 00007F280D061FECh
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp+200173E6h], eax
                                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp+20017416h]
                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                        push dword ptr [ebp+200173E6h]
                                                                                                                                                                                                                                                                                        call dword ptr [ebp+200173F2h]
                                                                                                                                                                                                                                                                                        cmp eax, 00000000h
                                                                                                                                                                                                                                                                                        je 00007F280D061FBEh
                                                                                                                                                                                                                                                                                        mov dword ptr [ebp+200173EEh], eax
                                                                                                                                                                                                                                                                                        lea eax, dword ptr [ebp+20017422h]
                                                                                                                                                                                                                                                                                        push eax
                                                                                                                                                                                                                                                                                        push dword ptr [ebp+200173E6h]
                                                                                                                                                                                                                                                                                        call dword ptr [ebp+200173F2h]
                                                                                                                                                                                                                                                                                        cmp eax, 00000000h
                                                                                                                                                                                                                                                                                        je 00007F280D061F9Ch
                                                                                                                                                                                                                                                                                        Programming Language:
                                                                                                                                                                                                                                                                                        • [ASM] VS2002 (.NET) build 9466
                                                                                                                                                                                                                                                                                        • [ C ] VS2002 (.NET) build 9466
                                                                                                                                                                                                                                                                                        • [C++] VS2002 (.NET) build 9466
                                                                                                                                                                                                                                                                                        • [EXP] VS2002 (.NET) build 9466
                                                                                                                                                                                                                                                                                        • [RES] VS2002 (.NET) build 9466
                                                                                                                                                                                                                                                                                        • [LNK] VS2002 (.NET) build 9466
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x84c0 | 0x92 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7f4c | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb000 | 0x98 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0x648 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x7000 | 0x118 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x5900 | 0x5a00 | 459fac31dfa77a52a006bd1e312f0ec2 | False | 0.5995659722222222 | data | 6.624845083645834 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x7000 | 0x1552 | 0x1600 | afcb7bc155921a61fbf06792f9d1346f | False | 0.37659801136363635 | data | 4.955749141643499 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x9000 | 0x12a0 | 0xa00 | a9c0780028a67f5dbed5eb318c3d15b1 | False | 0.276171875 | Matlab v4 mat-file (little endian), numeric, rows 268460220, columns 268462288 | 2.210983234154863 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xb000 | 0x98 | 0x200 | 690e90351d9d13d67d8e7b7c176b420b | False | 0.13671875 | data | 0.5361627063611969 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc000 | 0xca2 | 0xe00 | f9452719fcbe12595b425e6af06e7aaa | False | 0.4017857142857143 | data | 3.8578548646049096 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.rmnet | 0xd000 | 0xf000 | 0xe200 | ebdcedf2259b645f93a2b36df2cdaaad | False | 0.9687672842920354 | data | 7.97144485240936 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_STRING | 0xb060 | 0x38 | data | Korean | North Korea | 0.6071428571428571
RT_STRING | 0xb060 | 0x38 | data | Korean | South Korea | 0.6071428571428571
DLL | Import
WS2_32.dll | WSAStartup, recv, socket, htons, inet_addr, connect, WSAGetLastError, WSAAsyncSelect, WSACleanup, send, closesocket
USER32.dll | LoadStringA
KERNEL32.dll | SetHandleCount, VirtualQuery, GetSystemInfo, VirtualProtect, GetSystemTimeAsFileTime, GetCurrentProcessId, GetTickCount, QueryPerformanceCounter, LCMapStringW, HeapFree, HeapAlloc, GetCurrentThreadId, TlsSetValue, GetCommandLineA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, VirtualAlloc, HeapReAlloc, ExitProcess, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCurrentProcess, HeapSize, TlsFree, SetLastError, TlsGetValue, GetLastError, TlsAlloc, GetStdHandle, GetFileType, GetStartupInfoA, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, WriteFile, InitializeCriticalSection, GetACP, GetOEMCP, GetCPInfo, LoadLibraryA, RtlUnwind, GetLocaleInfoA, GetStringTypeA, MultiByteToWideChar, GetStringTypeW, LCMapStringA
Name | Ordinal | Address
LibClassDesc | 3 | 0x10001020
LibDescription | 1 | 0x10001070
LibNumberClasses | 2 | 0x10001030
LibVersion | 4 | 0x10001030
Language of compilation system | Country where language is spoken | Map
Korean | North Korea
Korean | South Korea
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.865570068 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.869714022 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.869767904 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.869786024 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.875190020 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.875647068 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.875667095 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.880769014 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.880882025 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.880896091 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.885888100 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.887156010 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.887175083 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.891375065 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.891433001 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.891448021 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.900419950 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.900475979 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.900499105 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.911700964 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.911756992 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.911782980 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.912194014 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.912244081 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.912256956 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.912802935 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.913279057 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.913291931 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.915815115 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.915860891 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.915872097 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.919449091 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.919492006 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.919500113 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.922884941 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.922926903 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.922934055 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.926460028 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.926497936 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.926506042 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.929781914 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.929828882 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.929836035 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.931428909 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.931488037 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.931494951 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.934726000 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.934772968 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.934782028 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.940520048 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.940566063 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.940577030 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.943700075 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.943748951 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.943758965 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.948079109 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.948127031 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.948134899 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.953313112 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.953353882 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.953362942 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.954431057 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.954472065 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.954480886 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.957637072 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.957681894 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.957690001 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.961237907 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.961437941 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.961447954 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.964757919 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.964822054 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.964831114 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.969594955 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.969672918 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.969686985 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.975068092 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.975091934 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.975120068 CET49713443192.168.2.7142.250.186.33
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:25.975131035 CET44349713142.250.186.33192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411516905 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411526918 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411609888 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411875010 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411879063 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411889076 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.411892891 CET4434975818.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.577110052 CET4434974318.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.577198029 CET49743443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.578167915 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.578233004 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.617829084 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.618043900 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.618470907 CET44349752151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.618530989 CET49752443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.847210884 CET49765443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.847246885 CET44349765151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.847332954 CET49765443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.847562075 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.847595930 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.847654104 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.848798990 CET49765443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.848813057 CET44349765151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.848825932 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:29.848845959 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.133225918 CET4434975818.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.133291960 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.158941984 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.159068108 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258018970 CET49743443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258074045 CET4434974318.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258409977 CET4434974318.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258476973 CET49743443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258789062 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258812904 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.258996010 CET49743443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.259100914 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.259151936 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.278372049 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.278386116 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.278537989 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.278543949 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.279192924 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.279266119 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.285815954 CET49752443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.285836935 CET44349752151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.286091089 CET44349752151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.286159992 CET49752443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.299341917 CET4434974318.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.309844971 CET44349765151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.309953928 CET49765443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.314513922 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.314601898 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.337794065 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.337812901 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.338068962 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.338119030 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.342478991 CET49765443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.342502117 CET44349765151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.342863083 CET44349765151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.342945099 CET49765443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.351870060 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.351890087 CET4434975818.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.352020025 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.352641106 CET4434975818.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.352704048 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.353389025 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.356918097 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.356930971 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.357180119 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.357233047 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.379468918 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.379542112 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380141973 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380215883 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380250931 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380300045 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380341053 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380426884 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.380436897 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.565823078 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.565841913 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.567027092 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.567044020 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.567095995 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.567100048 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.567130089 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.567150116 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.568116903 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.568166018 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.568173885 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.568233967 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.595439911 CET49751443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.595449924 CET44349751151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.600394011 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.600420952 CET4434975818.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.600435972 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.600466013 CET49758443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.601476908 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.623004913 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.628643990 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.628664017 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.628722906 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.628748894 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.628767014 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.628786087 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.629707098 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.629722118 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.629791021 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.629801989 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.629847050 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630254030 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630314112 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630330086 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630372047 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630428076 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630438089 CET44349766151.101.194.137192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630446911 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.630484104 CET49766443192.168.2.7151.101.194.137
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.647322893 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.667337894 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.795805931 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.795862913 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.796025991 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.796063900 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.796077013 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.796123981 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.808516979 CET49759443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.808536053 CET4434975918.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.811839104 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.811892986 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.812125921 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.812172890 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.812201023 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.812244892 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.819540977 CET49744443192.168.2.718.244.18.38
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:30.819564104 CET4434974418.244.18.38192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.248589993 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.248646021 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.248709917 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.248822927 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.248861074 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.248904943 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.249322891 CET49786443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.249336004 CET44349786162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.250020027 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.250030041 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.560600042 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.560700893 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.560784101 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.560789108 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.560818911 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.560906887 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.561110973 CET49790443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.561144114 CET44349790162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.561242104 CET49791443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.561256886 CET44349791162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.701494932 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.703676939 CET49787443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:31.703682899 CET44349787162.159.61.3192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.897236109 CET49842443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.897562027 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.897583961 CET49842443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.897615910 CET44349842151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.897631884 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.897712946 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.898127079 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.898148060 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.455156088 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.455223083 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.456557035 CET44349842151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.456615925 CET49842443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459036112 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459053040 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459157944 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459173918 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459330082 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459392071 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459867001 CET49842443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.459873915 CET44349842151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.460201025 CET44349842151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.460257053 CET49842443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.556372881 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.556447983 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557041883 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557101011 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557130098 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557183981 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557214022 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557316065 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557337046 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557390928 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557406902 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557602882 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557615042 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557684898 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557753086 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557831049 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557869911 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.557925940 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.558449030 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.558551073 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.558564901 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.558626890 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.558640003 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.558721066 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.569389105 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.569523096 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.640722036 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.640778065 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.640799999 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.640867949 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.640955925 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.640990019 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641038895 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641052008 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641102076 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641489029 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641527891 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641581059 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641593933 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641648054 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.641694069 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642116070 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642127037 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642177105 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642407894 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642546892 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642560959 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642602921 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642734051 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642793894 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642801046 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642842054 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.642893076 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.643214941 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.643222094 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.643306971 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.643548012 CET44349843151.101.129.108192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:36.643598080 CET49843443192.168.2.7151.101.129.108
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:18:22.721586943 CET6288153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:18:22.726671934 CET53628811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:18:22.726800919 CET6288153192.168.2.71.1.1.1
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:33.413836956 CET56106443192.168.2.7162.159.61.3
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:34.327785015 CET5837753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.889584064 CET4987553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:16:35.896500111 CET53498751.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:17:23.587910891 CET53621141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                        Nov 20, 2024 12:18:22.270741940 CET53572811.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                        • clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                        • chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                        • https:
                                                                                                                                                                                                                                                                                          • sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                          • code.jquery.com
                                                                                                                                                                                                                                                                                          • acdn.adnxs.com
                                                                                                                                                                                                                                                                                        • msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49713 | 142.250.186.33 | 443 | 7960 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:25 UTC | 594 | OUT | GET /crx/blobs/AW50ZFsLPhJJyx_4ShcDOgcEpJeOc7Vr0kMzfFRoaMfWx4pAgZ0UGF2i9_ei1A7FAHQ-EPFULeBn7F8_SEKhjbpEyKfiidX7GF_6BDOycMeg5w03wjwVQ61hkaEix8WFqmEAxlKa5cmz_tdFr9JtRwdqRu82wmLe2Ghe/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_84_1_0.crx HTTP/1.1
                                                                                                                                                                                                                                                                                        Host: clients2.googleusercontent.com
                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-20 11:16:25 UTC | 573 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                        Content-Length: 138356
                                                                                                                                                                                                                                                                                        X-GUploader-UploadID: AFiumC4CmFwgjI0Q35C_cGXjJ3uWiQI6HiE3oIE6VYSiyzheI__qNcT6ZhXFFFUYW5WJkTsnnZpCh5_0bw
                                                                                                                                                                                                                                                                                        X-Goog-Hash: crc32c=ld9IFg==
                                                                                                                                                                                                                                                                                        Server: UploadServer
                                                                                                                                                                                                                                                                                        Date: Tue, 19 Nov 2024 16:45:00 GMT
                                                                                                                                                                                                                                                                                        Expires: Wed, 19 Nov 2025 16:45:00 GMT
                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000
                                                                                                                                                                                                                                                                                        Last-Modified: Tue, 19 Nov 2024 16:44:49 GMT
                                                                                                                                                                                                                                                                                        ETag: 2373c8b9_cba0b209_e851cacf_d4df989e_81c52a41
                                                                                                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                        Age: 66685
                                                                                                                                                                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                                                                                                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49726 | 162.159.61.3 | 443 | 7960 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:27 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:27 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
2024-11-20 11:16:27 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:27 GMT
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                        CF-RAY: 8e58072a7f42430d-EWR
                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:27 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 0a 00 04 8e fb 20 63 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom c)


                                                                                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                        2 | 192.168.2.7 | 49727 | 162.159.61.3 | 443 | 7960 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:27 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:27 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:27 GMT
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                        CF-RAY: 8e58072a7f25c32c-EWR
                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom$A)


                                                                                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                        3 | 192.168.2.7 | 49728 | 172.64.41.3 | 443 | 7960 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:27 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:28 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:27 GMT
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                        CF-RAY: 8e58072acd9b18f2-EWR
                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                                                        Data Ascii: wwwgstaticcom+A)


                                                                                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                        4 | 192.168.2.7 | 49743 | 18.244.18.38 | 443 | 6972 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:30 UTC | 519 | OUT | GET /b?rn=1732101388357&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                        Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                        Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:30 UTC657INHTTP/1.1 302 Found
                                                                                                                                                                                                                                                                                        Content-Length: 0
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:30 GMT
                                                                                                                                                                                                                                                                                        Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                        Location: /b2?rn=1732101388357&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
                                                                                                                                                                                                                                                                                        set-cookie: UID=1C789eddac2b7b84d62b48a1732101390; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                        Via: 1.1 d025091c574ce1bcf1fefea59ac34f2c.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P11
                                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: O-yLkP9HsAcM3hhnsutPMP5AZ5Aa3pYe5wEqyQuoaQS0o_CEHFzZhg==


                                                                                                                                                                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                                                                                                                                        5 | 192.168.2.7 | 49751 | 151.101.194.137 | 443 | 6972 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:30 UTC | 307 | OUT | GET /jquery-3.6.3.min.js HTTP/1.1
                                                                                                                                                                                                                                                                                        Accept: application/javascript, */*;q=0.8
                                                                                                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                        Host: code.jquery.com
                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:30 UTC612INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Content-Length: 89947
                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                        Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                                                                                        Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                                                                                                                                                                                                                                                        ETag: "28feccc0-15f5b"
                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                        Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                        Age: 1466701
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:30 GMT
                                                                                                                                                                                                                                                                                        X-Served-By: cache-lga21985-LGA, cache-ewr-kewr1740066-EWR
                                                                                                                                                                                                                                                                                        X-Cache: HIT, HIT
                                                                                                                                                                                                                                                                                        X-Cache-Hits: 587, 0
                                                                                                                                                                                                                                                                                        X-Timer: S1732101390.332602,VS0,VE1
                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
6           192.168.2.7  49766        151.101.194.137  443               8528  C:\Program Files (x86)\Internet Explorer\iexplore.exe

Timestamp                Bytes transferred  Direction  Data
2024-11-20 11:16:30 UTC  307                OUT        GET /jquery-3.6.3.min.js HTTP/1.1
                                                                                                                                                                                                                                                                                        Accept: application/javascript, */*;q=0.8
                                                                                                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                        Host: code.jquery.com
                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
2024-11-20 11:16:30 UTC  612                IN         HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Content-Length: 89947
                                                                                                                                                                                                                                                                                        Server: nginx
                                                                                                                                                                                                                                                                                        Content-Type: application/javascript; charset=utf-8
                                                                                                                                                                                                                                                                                        Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT
                                                                                                                                                                                                                                                                                        ETag: "28feccc0-15f5b"
                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=31536000, stale-while-revalidate=604800
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Cross-Origin-Resource-Policy: cross-origin
                                                                                                                                                                                                                                                                                        Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:30 GMT
                                                                                                                                                                                                                                                                                        Age: 1466701
                                                                                                                                                                                                                                                                                        X-Served-By: cache-lga21985-LGA, cache-ewr-kewr1740038-EWR
                                                                                                                                                                                                                                                                                        X-Cache: HIT, HIT
                                                                                                                                                                                                                                                                                        X-Cache-Hits: 587, 1
                                                                                                                                                                                                                                                                                        X-Timer: S1732101390.408038,VS0,VE1
                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                                                                                        Data Ascii: (e)))for(a=ye(c),r=0,i=(o=ye(e)).length;r<i;r++)s=o[r],u=a[r],void 0,"input"===(l=u.nodeName.toLowerCase())&&pe.test(s.type)?u.checked=s.checked:"input"!==l&&"textarea"!==l||(u.defaultValue=s.defaultValue);if(t)if(n)for(o=o||ye(e),a=a||ye(c),r=0,i=o.lengt
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:30 UTC16384INData Raw: 28 22 69 6e 70 75 74 22 29 2c 69 74 3d 53 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 65 6c 65 63 74 22 29 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 53 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6f 70 74 69 6f 6e 22 29 29 2c 72 74 2e 74 79 70 65 3d 22 63 68 65 63 6b 62 6f 78 22 2c 76 2e 63 68 65 63 6b 4f 6e 3d 22 22 21 3d 3d 72 74 2e 76 61 6c 75 65 2c 76 2e 6f 70 74 53 65 6c 65 63 74 65 64 3d 69 74 2e 73 65 6c 65 63 74 65 64 2c 28 72 74 3d 53 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 29 2e 76 61 6c 75 65 3d 22 74 22 2c 72 74 2e 74 79 70 65 3d 22 72 61 64 69 6f 22 2c 76 2e 72 61 64 69 6f 56 61 6c 75 65 3d 22 74 22 3d 3d 3d 72 74 2e 76 61 6c 75 65 3b 76 61 72 20 70 74 2c 64 74 3d 45 2e 65 78 70 72 2e 61 74 74 72 48 61 6e
                                                                                                                                                                                                                                                                                        Data Ascii: ("input"),it=S.createElement("select").appendChild(S.createElement("option")),rt.type="checkbox",v.checkOn=""!==rt.value,v.optSelected=it.selected,(rt=S.createElement("input")).value="t",rt.type="radio",v.radioValue="t"===rt.value;var pt,dt=E.expr.attrHan
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:30 UTC8027INData Raw: 69 73 7d 7d 29 2c 45 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 68 69 64 64 65 6e 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 45 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 28 65 29 7d 2c 45 2e 65 78 70 72 2e 70 73 65 75 64 6f 73 2e 76 69 73 69 62 6c 65 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 21 21 28 65 2e 6f 66 66 73 65 74 57 69 64 74 68 7c 7c 65 2e 6f 66 66 73 65 74 48 65 69 67 68 74 7c 7c 65 2e 67 65 74 43 6c 69 65 6e 74 52 65 63 74 73 28 29 2e 6c 65 6e 67 74 68 29 7d 2c 45 2e 61 6a 61 78 53 65 74 74 69 6e 67 73 2e 78 68 72 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 74 72 79 7b 72 65 74 75 72 6e 20 6e 65 77 20 43 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 7d 63 61 74 63 68 28 65 29 7b 7d 7d 3b 76 61 72 20
                                                                                                                                                                                                                                                                                        Data Ascii: is}}),E.expr.pseudos.hidden=function(e){return!E.expr.pseudos.visible(e)},E.expr.pseudos.visible=function(e){return!!(e.offsetWidth||e.offsetHeight||e.getClientRects().length)},E.ajaxSettings.xhr=function(){try{return new C.XMLHttpRequest}catch(e){}};var


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.7 | 49758 | 18.244.18.38 | 443 | 8528 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:30 UTC | 519 | OUT | GET /b?rn=1732101388895&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.msn.com/?ocid=iehp
Accept-Language: en-CH
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sb.scorecardresearch.com
Connection: Keep-Alive
2024-11-20 11:16:30 UTC | 657 | IN | HTTP/1.1 302 Found
Content-Length: 0
Connection: close
Date: Wed, 20 Nov 2024 11:16:30 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
Location: /b2?rn=1732101388895&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null
set-cookie: UID=16D958ca13a19c8f088178a1732101390; domain=.scorecardresearch.com; path=/; max-age=33696000
X-Cache: Miss from cloudfront
Via: 1.1 5d328d2e734cff11e41c897ec72f465e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P11
X-Amz-Cf-Id: N2BGqE3_o36zvnwid7CxLbxQJAifN9QpXriRfnRr5SVyXO68fAXvHg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.7 | 49759 | 18.244.18.38 | 443 | 8528 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:30 UTC | 567 | OUT | GET /b2?rn=1732101388895&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.msn.com/?ocid=iehp
Accept-Language: en-CH
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sb.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=16D958ca13a19c8f088178a1732101390
2024-11-20 11:16:30 UTC | 327 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Wed, 20 Nov 2024 11:16:30 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 8614f084c2572336b13eed108c40e01e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P11
X-Amz-Cf-Id: SGmvzbS0KMt6wQIskfulkMM9SobKihl5chxCY5S9wvhci3lmEzcwuw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 49744 | 18.244.18.38 | 443 | 6972 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:30 UTC | 567 | OUT | GET /b2?rn=1732101388357&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: https://www.msn.com/?ocid=iehp
Accept-Language: en-CH
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: sb.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=16D958ca13a19c8f088178a1732101390
2024-11-20 11:16:30 UTC | 327 | IN | HTTP/1.1 204 No Content
Connection: close
Date: Wed, 20 Nov 2024 11:16:30 GMT
Accept-CH: UA, Platform, Arch, Model, Mobile
X-Cache: Miss from cloudfront
Via: 1.1 49c384ab63de091c5f4d1534f8845d0c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P11
X-Amz-Cf-Id: z67lZH7ar8Y25JrPtnuGX5C3LoXEvVoYTBOMEhakCqzED8B6kLFBKA==


                                                                                                                                                                                                                                                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                        10192.168.2.749787162.159.61.34437960C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                                                        TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                        2024-11-20 11:16:31 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                                                                                        Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                        Content-Length: 128
                                                                                                                                                                                                                                                                                        Accept: application/dns-message
                                                                                                                                                                                                                                                                                        Accept-Language: *
                                                                                                                                                                                                                                                                                        User-Agent: Chrome
                                                                                                                                                                                                                                                                                        Accept-Encoding: identity
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
2024-11-20 11:16:31 UTC | 128 | OUT | (raw payload)
2024-11-20 11:16:31 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:31 GMT
                                                                                                                                                                                                                                                                                        Content-Type: application/dns-message
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Content-Length: 468
                                                                                                                                                                                                                                                                                        CF-RAY: 8e58074299fb5e86-EWR
                                                                                                                                                                                                                                                                                        alt-svc: h3=":443"; ma=86400
2024-11-20 11:16:31 UTC | 468 | IN | (raw payload)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 49810 | 152.195.19.97 | 443 | 7960 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:33 UTC | 614 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1732706185&P2=404&P3=2&P4=V6mNaCeNoH8LNEcQtVRF9AhFIgF0ObzO1ATiVnnJ16XVvFdHqYmnz4ainoGxCW7Xh9ZbJywzCBNwck%2f9sCNWAA%3d%3d HTTP/1.1
                                                                                                                                                                                                                                                                                        Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                                                                                        MS-CV: MIQxLQfryzJVHDLEwpQoLW
                                                                                                                                                                                                                                                                                        Sec-Fetch-Site: none
                                                                                                                                                                                                                                                                                        Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                                                                                        Sec-Fetch-Dest: empty
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                                                                                        Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-11-20 11:16:34 UTC | 633 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                        Age: 12027925
                                                                                                                                                                                                                                                                                        Cache-Control: public, max-age=17280000
                                                                                                                                                                                                                                                                                        Content-Type: application/x-chrome-extension
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:34 GMT
                                                                                                                                                                                                                                                                                        Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                                                                                                                                                                                                                        Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                                                                                                                                                                                                                        MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                                                                                                                                                                                                                        MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                                                                                                                                                                                                                        MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                                                                                                                                                                                                                        Server: ECAcc (nyd/D11E)
                                                                                                                                                                                                                                                                                        X-AspNet-Version: 4.0.30319
                                                                                                                                                                                                                                                                                        X-AspNetMvc-Version: 5.3
                                                                                                                                                                                                                                                                                        X-Cache: HIT
                                                                                                                                                                                                                                                                                        X-CCC: US
                                                                                                                                                                                                                                                                                        X-CID: 11
                                                                                                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                        X-Powered-By: ARR/3.0
                                                                                                                                                                                                                                                                                        X-Powered-By: ASP.NET
                                                                                                                                                                                                                                                                                        Content-Length: 11185
                                                                                                                                                                                                                                                                                        Connection: close
2024-11-20 11:16:34 UTC | 11185 | IN | (raw payload)


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 49820 | 18.244.18.38 | 443 | 7724 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:34 UTC | 566 | OUT | GET /b?rn=1732101393612&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fwww.msn.com%2F%3Focid%3Diehp%26mkt%3Den-us&c8=MSN&c9=&cs_fpid=2B8265CB986F6AAB216270F699766BFB&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1
                                                                                                                                                                                                                                                                                        Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
                                                                                                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                        Host: sb.scorecardresearch.com
                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
                                                                                                                                                                                                                                                                                        Cookie: UID=16D958ca13a19c8f088178a1732101390
2024-11-20 11:16:35 UTC | 435 | IN | HTTP/1.1 204 No Content
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:35 GMT
                                                                                                                                                                                                                                                                                        Accept-CH: UA, Platform, Arch, Model, Mobile
                                                                                                                                                                                                                                                                                        set-cookie: UID=16D958ca13a19c8f088178a1732101390; domain=.scorecardresearch.com; path=/; max-age=33696000
                                                                                                                                                                                                                                                                                        X-Cache: Miss from cloudfront
                                                                                                                                                                                                                                                                                        Via: 1.1 74ca1b9f17cb4adcfc54f8b84ccc7d82.cloudfront.net (CloudFront)
                                                                                                                                                                                                                                                                                        X-Amz-Cf-Pop: FRA56-P11
                                                                                                                                                                                                                                                                                        X-Amz-Cf-Id: 8IgAJyvQqZPneTnEFI_yPI2Lk8behtMmpOM9KeOhzxFdlD49Rn3lBw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 49843 | 151.101.129.108 | 443 | 7724 | C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-20 11:16:36 UTC | 297 | OUT | GET /ast/ast.js HTTP/1.1
                                                                                                                                                                                                                                                                                        Accept: application/javascript, */*;q=0.8
                                                                                                                                                                                                                                                                                        Referer: https://www.msn.com/?ocid=iehp
                                                                                                                                                                                                                                                                                        Accept-Language: en-CH
                                                                                                                                                                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                                                                                                                                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                        Host: acdn.adnxs.com
                                                                                                                                                                                                                                                                                        Connection: Keep-Alive
2024-11-20 11:16:36 UTC | 565 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                        Connection: close
                                                                                                                                                                                                                                                                                        Content-Length: 149741
                                                                                                                                                                                                                                                                                        Server: nginx/1.18.0 (Ubuntu)
                                                                                                                                                                                                                                                                                        Content-Type: application/javascript
                                                                                                                                                                                                                                                                                        Last-Modified: Mon, 18 Nov 2024 18:01:14 GMT
                                                                                                                                                                                                                                                                                        ETag: "673b80ea-248ed"
                                                                                                                                                                                                                                                                                        Expires: Tue, 19 Nov 2024 18:02:42 GMT
                                                                                                                                                                                                                                                                                        Cache-Control: max-age=86402
                                                                                                                                                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                        Via: 1.1 varnish, 1.1 varnish
                                                                                                                                                                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                        Age: 62033
                                                                                                                                                                                                                                                                                        Date: Wed, 20 Nov 2024 11:16:36 GMT
                                                                                                                                                                                                                                                                                        X-Served-By: cache-lga21942-LGA, cache-ewr-kewr1740044-EWR
                                                                                                                                                                                                                                                                                        X-Cache: HIT, HIT
                                                                                                                                                                                                                                                                                        X-Cache-Hits: 34, 0
                                                                                                                                                                                                                                                                                        X-Timer: S1732101397.512359,VS0,VE1
                                                                                                                                                                                                                                                                                        Vary: Accept-Encoding



                                                                                                                                                                                                                                                                                        Target ID:0
                                                                                                                                                                                                                                                                                        Start time:06:16:15
                                                                                                                                                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\loaddll32.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                        Commandline:loaddll32.exe "C:\Users\user\Desktop\WSock.dll"
                                                                                                                                                                                                                                                                                        Imagebase:0x360000
                                                                                                                                                                                                                                                                                        File size:126'464 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:51E6071F9CBA48E79F10C84515AAE618
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:1
                                                                                                                                                                                                                                                                                        Start time:06:16:15
                                                                                                                                                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff75da10000
                                                                                                                                                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Reputation:high
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:2
                                                                                                                                                                                                                                                                                        Start time:06:16:15
                                                                                                                                                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                        Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
Imagebase:0x410000
File size:236'544 bytes
MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:06:16:15
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\WSock.dll,LibClassDesc
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:06:16:15
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\WSock.dll",#1
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:06:16:15
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32Srv.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\rundll32Srv.exe
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
• Rule: MAL_Ramnit_May19_1, Description: Detects Ramnit malware, Source: C:\Windows\SysWOW64\rundll32Srv.exe, Author: Florian Roth
Antivirus matches:
• Detection: 100%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:7
Start time:06:16:16
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
• Rule: MAL_Ramnit_May19_1, Description: Detects Ramnit malware, Source: C:\Program Files (x86)\Microsoft\DesktopLayer.exe, Author: Florian Roth
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 100%, ReversingLabs
Reputation:moderate
Has exited:true

Target ID:8
Start time:06:16:16
Start date:20/11/2024
Path:C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
Imagebase:0x40000
File size:834'512 bytes
MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:10
Start time:06:16:16
Start date:20/11/2024
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17410 /prefetch:2
Imagebase:0xc70000
File size:828'368 bytes
MD5 hash:6F0F06D6AB125A99E43335427066A4A1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:false

Target ID:13
Start time:06:16:18
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\117.0.2045.47\BHO\ie_to_edge_stub.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436
Imagebase:0x7ff69b4b0000
File size:540'712 bytes
MD5 hash:89CF8972D683795DAB6901BC9456675D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:14
Start time:06:16:18
Start date:20/11/2024
Path:C:\Program Files (x86)\Java\jre-1.8\bin\ssvagent.exe
Wow64 process (32bit):true
Commandline:"C:\PROGRA~2\Java\jre-1.8\bin\ssvagent.exe" -new
Imagebase:0xe60000
File size:85'632 bytes
MD5 hash:F9A898A606E7F5A1CD7CFFA8079253A0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:15
Start time:06:16:18
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:06:16:18
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\WSock.dll,LibDescription
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:06:16:19
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2216 --field-trial-handle=2060,i,17826579582961614741,2272508256986252426,262144 /prefetch:3
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:06:16:19
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32Srv.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\rundll32Srv.exe
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000013.00000002.1302171907.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
Has exited:true

Target ID:20
Start time:06:16:19
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --from-ie-to-edge=3 --ie-frame-hwnd=10436 --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:21
Start time:06:16:19
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000015.00000002.1320860861.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
Has exited:true

Target ID:23
Start time:06:16:19
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2780 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:3
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:false

Target ID:24
Start time:06:16:22
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe C:\Users\user\Desktop\WSock.dll,LibNumberClasses
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:27
Start time:06:16:22
Start date:20/11/2024
Path:C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
Imagebase:0x7ff6ae5e0000
File size:834'512 bytes
MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:29
Start time:06:16:23
Start date:20/11/2024
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17414 /prefetch:2
Imagebase:0xc70000
File size:828'368 bytes
MD5 hash:6F0F06D6AB125A99E43335427066A4A1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:30
Start time:06:16:24
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6004 --field-trial-handle=1988,i,11845667216547676370,5432246328474800705,262144 /prefetch:8
Imagebase:0x7ff7fb980000
File size:4'210'216 bytes
MD5 hash:69222B8101B0601CC6663F8381E7E00F
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Has exited:true

Target ID:31
Start time:06:16:25
Start date:20/11/2024
Path:C:\Windows\SysWOW64\loaddll32Srv.exe
Wow64 process (32bit):true
Commandline:C:\Windows\system32\loaddll32Srv.exe
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 0000001F.00000002.1350693786.0000000000400000.00000040.00000001.01000000.00000013.sdmp, Author: Joe Security
• Rule: MAL_Ramnit_May19_1, Description: Detects Ramnit malware, Source: C:\Windows\SysWOW64\loaddll32Srv.exe, Author: Florian Roth
Antivirus matches:
• Detection: 100%, ReversingLabs
Has exited:true

Target ID:32
Start time:06:16:25
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibClassDesc
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:33
Start time:06:16:25
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibDescription
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:34
Start time:06:16:25
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibNumberClasses
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:35
Start time:06:16:25
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Users\user\Desktop\WSock.dll",LibVersion
Imagebase:0x900000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:36
Start time:06:16:25
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000024.00000002.1364558971.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
Has exited:true

Target ID:38
Start time:06:16:26
Start date:20/11/2024
Path:C:\Program Files\Internet Explorer\iexplore.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
Imagebase:0x7ff6ae5e0000
File size:834'512 bytes
MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:39
Start time:06:16:27
Start date:20/11/2024
Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:82950 /prefetch:2
Imagebase:0xc70000
File size:828'368 bytes
MD5 hash:6F0F06D6AB125A99E43335427066A4A1
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:false

Target ID:40
Start time:06:16:27
Start date:20/11/2024
Path:C:\Windows\SysWOW64\rundll32Srv.exe
Wow64 process (32bit):true
Commandline:C:\Windows\SysWOW64\rundll32Srv.exe
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000028.00000002.1374564126.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Author: Joe Security
Has exited:true

Target ID:41
Start time:06:16:28
Start date:20/11/2024
Path:C:\Program Files (x86)\Microsoft\DesktopLayer.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
Imagebase:0x400000
File size:56'320 bytes
MD5 hash:FF5E1F27193CE51EEC318714EF038BEF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Ramnit, Description: Yara detected Ramnit, Source: 00000029.00000002.1379208634.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:42
                                                                                                                                                                                                                                                                                        Start time:06:16:28
                                                                                                                                                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                                                                                                                                                        Path:C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                        Imagebase:0x7ff6ae5e0000
                                                                                                                                                                                                                                                                                        File size:834'512 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:CFE2E6942AC1B72981B3105E22D3224E
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:true

                                                                                                                                                                                                                                                                                        Target ID:43
                                                                                                                                                                                                                                                                                        Start time:06:16:28
                                                                                                                                                                                                                                                                                        Start date:20/11/2024
                                                                                                                                                                                                                                                                                        Path:C:\Program Files (x86)\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                        Commandline:"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5736 CREDAT:17420 /prefetch:2
                                                                                                                                                                                                                                                                                        Imagebase:0xc70000
                                                                                                                                                                                                                                                                                        File size:828'368 bytes
                                                                                                                                                                                                                                                                                        MD5 hash:6F0F06D6AB125A99E43335427066A4A1
                                                                                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                        Has exited:false


                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:4.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:28.7%
                                                                                                                                                                                                                                                                                          Total number of Nodes:209
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:8

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 119 4011df-40120b call 401000 FindFirstFileA 122 40121a 119->122 123 40120d-401218 FindClose 119->123 124 40121f-401220 122->124 123->124
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00401203
                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?), ref: 0040120E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 5ef48afcc60f0df42ca52d170e360d4b387ed72ee7c98a6338fd5de06560ac66
                                                                                                                                                                                                                                                                                          • Instruction ID: b1f125ed4efc06f30582f8b04dd36de647bf725fcf985a164ddf40afef925a9c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ef48afcc60f0df42ca52d170e360d4b387ed72ee7c98a6338fd5de06560ac66
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60E0C23040020812DB10F6A48C0ABCA329C5F24318F0002B77619F31E1DA7CDEC4C76E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005B36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000003.1250154739.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_5b0000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction ID: 2bdc978e4153454c943794ff0bed477aaf96ebeb800aebf2f8f142c770dc9ef6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11118E9080D3D46FD72397348868AA83FB07F03304F1A45CBD1C5EB0E3DA696A48CB22

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 144 5b3519-5b3548 145 5b3550-5b3556 144->145 146 5b36b1-5b36c3 NtQuerySystemInformation 145->146 148 5b36c9 146->148 149 5b19c1-5b19c6 146->149 148->148 150 5b19cc-5b19d1 149->150 151 5b34c1-5b34c7 149->151 150->151 152 5b19d7-5b34c0 150->152 151->144
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 005B36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251100003.00000000005B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_5b1000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005B27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000003.1250154739.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_5b0000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005B36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000003.1250154739.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_5b0000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 005B0856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000003.1250154739.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_5b0000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 154 5b27a0-5b27d1 NtAllocateVirtualMemory 155 5b329d 154->155
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 005B27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251100003.00000000005B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_5b1000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005B27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000003.1250154739.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_5b0000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 005B2750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000003.1250154739.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_3_5b0000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 156 5b2740-5b2752 NtFreeVirtualMemory 159 5b2e0f-5b2e10 156->159
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251100003.00000000005B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_5b1000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 0040144C
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%CommonProgramFiles%,?,000002FC,00000000), ref: 00401471
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%HOMEDRIVE%%HOMEPATH%,?,000002FC,00000000), ref: 00401496
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%APPDATA%,?,000002FC,00000000), ref: 004014B8
                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040152F
                                                                                                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 0040153D
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 00401559
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,-00000002,?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 00401564
                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(00000000,?), ref: 00401580
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000040,-00000002,?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 0040158B
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings$lstrlen$AllocCreateDirectoryGloballstrcatlstrcpy
                                                                                                                                                                                                                                                                                          • String ID: %APPDATA%$%CommonProgramFiles%$%HOMEDRIVE%%HOMEPATH%$%ProgramFiles%
                                                                                                                                                                                                                                                                                          • API String ID: 1756080463-2835764218

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(80000000,http\shell\open\command,00000000), ref: 00401731
                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401750
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401763
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040176B
                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(00000000,00000001), ref: 00401784
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040178C
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 004017C0
                                                                                                                                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000), ref: 004017F2
                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401811
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401824
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          • http\shell\open\command, xrefs: 00401727
                                                                                                                                                                                                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE, xrefs: 004017E8
                                                                                                                                                                                                                                                                                          • %ProgramFiles%\Internet Explorer\iexplore.exe, xrefs: 004017BB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValuelstrlen$EnvironmentExpandStringslstrcpy
                                                                                                                                                                                                                                                                                          • String ID: %ProgramFiles%\Internet Explorer\iexplore.exe$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE$http\shell\open\command
                                                                                                                                                                                                                                                                                          • API String ID: 3609507023-2166425673

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetVolumePathNameA.KERNEL32(00000000,?,0000000A), ref: 00402BA8
                                                                                                                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(?,00000000,00000000), ref: 00402BB5
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00402BCD
                                                                                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,DesktopLayer.exe), ref: 00402BFA
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402C0B
                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(00000001,?,00000000), ref: 00402C34
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402C4F
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeGlobal$CopyDriveFileNamePathTypeVolumelstrcmpilstrlen
                                                                                                                                                                                                                                                                                          • String ID: DesktopLayer.exe$Microsoft
                                                                                                                                                                                                                                                                                          • API String ID: 2423091117-2303414202

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegOpenKeyA.ADVAPI32(80000000,http\shell\open\command,00000000), ref: 00401731
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401750
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401763
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: lstrlen.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040176B
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: lstrcpy.KERNEL32(00000000,00000001), ref: 00401784
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: lstrlen.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040178C
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 004017C0
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegOpenKeyA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000), ref: 004017F2
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401811
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401824
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00402CE1
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016DF: CreateMutexA.KERNEL32(00000000,00000000,?), ref: 004016EC
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016DF: GetLastError.KERNEL32(00000000,00000000,?), ref: 004016F8
                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,0040E3D1,00000104), ref: 00402C99
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,00000000,0040E3D1,00000104), ref: 00402CBA
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: ReleaseMutex.KERNEL32(00000000), ref: 004016CE
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: CloseHandle.KERNEL32(00000000,00000000), ref: 004016D6
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Close$ExitMutexOpenProcessQueryValuelstrlen$CreateEnvironmentErrorExpandFileHandleLastModuleNameReleaseStringslstrcpy
                                                                                                                                                                                                                                                                                          • String ID: C:\Program Files\Internet Explorer\iexplore.exe$KyUffThOkYwRRtgPP
                                                                                                                                                                                                                                                                                          • API String ID: 2881055489-3296811008

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(?,0040D877,00000000,?), ref: 0040123D
                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 0040125B
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 00401266
                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 00401272
                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 00401287
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$Delete$CloseCreateHandleNameTemp
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 439191773-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 107 401379-4013d3 call 401000 * 2 CreateProcessA CloseHandle * 2
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,?), ref: 004013BB
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,?), ref: 004013C8
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,?), ref: 004013CD
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseHandle$CreateProcess
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2922976086-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 112 4015bf-4015d3 113 4015d5-4015df call 401402 112->113 114 40160f-401618 112->114 113->114 117 4015e1-4015ff lstrlen GlobalReAlloc 113->117 117->114 118 401601-40160a lstrcat 117->118 118->114
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 0040144C
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: lstrcat.KERNEL32(?,00000000), ref: 0040152F
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 0040153D
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: lstrlen.KERNEL32(?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 00401559
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: GlobalAlloc.KERNEL32(00000040,-00000002,?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 00401564
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: lstrcpy.KERNEL32(00000000,?), ref: 00401580
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401402: lstrlen.KERNEL32(00000000,00000040,-00000002,?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 0040158B
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000), ref: 004015E7
                                                                                                                                                                                                                                                                                          • GlobalReAlloc.KERNEL32(00000000,-00000002,00000042), ref: 004015F8
                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(00000000,00000000), ref: 0040160A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: lstrlen$AllocGloballstrcat$CreateDirectoryEnvironmentExpandStringslstrcpy
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2659262781-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 125 4016df-4016f6 CreateMutexA 126 401711-401715 125->126 127 4016f8-401702 GetLastError 125->127 127->126 128 401704-40170e call 4016c2 127->128 128->126
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 004016EC
                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?), ref: 004016F8
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: ReleaseMutex.KERNEL32(00000000), ref: 004016CE
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: CloseHandle.KERNEL32(00000000,00000000), ref: 004016D6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Mutex$CloseCreateErrorHandleLastRelease
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 733076996-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401853
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LdrLoadDll), ref: 0040186C
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LdrGetDllHandle), ref: 00401887
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LdrGetProcedureAddress), ref: 004018A2
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlInitUnicodeString), ref: 004018BD
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlUnicodeStringToAnsiString), ref: 004018D8
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlFreeAnsiString), ref: 004018F3
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlInitString), ref: 0040190E
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlAnsiStringToUnicodeString), ref: 00401929
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlFreeUnicodeString), ref: 00401944
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwProtectVirtualMemory), ref: 0040195B
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlCreateUserThread), ref: 00401972
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwFreeVirtualMemory), ref: 00401989
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwDelayExecution), ref: 004019A0
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwQueryInformationProcess), ref: 004019B7
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                          • String ID: LdrGetDllHandle$LdrGetProcedureAddress$LdrLoadDll$RtlAnsiStringToUnicodeString$RtlCreateUserThread$RtlFreeAnsiString$RtlFreeUnicodeString$RtlInitString$RtlInitUnicodeString$RtlUnicodeStringToAnsiString$ZwDelayExecution$ZwFreeVirtualMemory$ZwProtectVirtualMemory$ZwQueryInformationProcess$ntdll.dll
                                                                                                                                                                                                                                                                                          • API String ID: 667068680-543826357
APIs
• GetCurrentThreadId.KERNEL32 ref: 004027EB
• CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,00000000), ref: 004027F7
• Thread32First.KERNEL32(?,?), ref: 00402817
• OpenThread.KERNEL32(00000002,00000000,?,00000004,00000000,00000000), ref: 00402837
• SuspendThread.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 0040284C
• ResumeThread.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 0040285C
• CloseHandle.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 00402864
• Thread32Next.KERNEL32(?,?), ref: 00402870
• CloseHandle.KERNEL32(?,00000004,00000000,00000000), ref: 0040287D
Memory Dump Source
• Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
Similarity
• API ID: Thread$CloseHandleThread32$CreateCurrentFirstNextOpenResumeSnapshotSuspendToolhelp32
APIs
• VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,?,?,10000000), ref: 00402054
• VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00003000,00000040,?,?,10000000), ref: 0040206C
• VirtualAllocEx.KERNEL32(00000000,?,00000000,00003000,00000040,00000000,00000000,00008000,?,00000000,00003000,00000040,?,?,10000000), ref: 00402081
• WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00003000,00000040,?), ref: 004020DD
• GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004021A7
Memory Dump Source
• Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
Similarity
• API ID: Virtual$Alloc$FileFreeMemoryModuleNameProcessWrite
APIs
• VirtualAllocEx.KERNEL32(?,00000000,?,00003000,00000040), ref: 00401F35
• WriteProcessMemory.KERNEL32(?,?,?,?,?,?,00000000,?,00003000,00000040), ref: 00401F51
Memory Dump Source
• Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
Similarity
• API ID: AllocMemoryProcessVirtualWrite
Strings
Memory Dump Source
• Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
Similarity
• String ID: CloseHandle$CreateFileA$CreateMutexA$CreateProcessA$FreeLibrary$GetLastError$GetModuleFileNameA$KyUffThOkYwRRtgPP$ReleaseMutex$WriteFile$kernel32.dll
APIs
• VirtualAlloc.KERNEL32(?,?,00002000,00000001,?), ref: 00402663
• VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00002000,00000001,?), ref: 0040268A
• VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001,?), ref: 004026BA
• VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,?,?,00000002,?,?,?,00001000,00000004,?,?), ref: 0040270D
• VirtualProtect.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,00001000,00000004,?), ref: 004027C2
Memory Dump Source
• Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmp
Similarity
• API ID: Virtual$Alloc$Protect
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00401321
                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00401333
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00401340
                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,00000040,00000000,?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 0040135B
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00000000,00000040,00000000,?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 0040136A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$AllocCloseCreateGlobalHandleReadSize
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 722267120-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040220E: ReadProcessMemory.KERNEL32(?,?,?,0000000C,?), ref: 00402251
                                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,00000040,?,00000000), ref: 0040229D
                                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,000000F8,?), ref: 004022C8
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                                                          • String ID: MZ$PE
                                                                                                                                                                                                                                                                                          • API String ID: 1726664587-1102611028
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,0000000A,00000040,?,00000000), ref: 004028E7
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402918
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?,00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402980
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,0000000A,?,?,00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402996
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Virtual$Protect$Alloc
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2541858876-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012B6
                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000002,?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012D2
                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000,?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012E6
                                                                                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,00000000,?,?,00000000,?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012EE
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000005.00000002.1251009021.0000000000400000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000005.00000002.1251009021.0000000000410000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_5_2_400000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$CloseCreateHandlePointerWrite
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3604237281-0

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:5.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:214
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:7
4513->4514 4515 40136f 4513->4515 4516 401362 4514->4516 4517 401349 ReadFile 4514->4517 4518 401367 ExitProcess 4516->4518 4517->4518

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 114 4011df-40120b call 401000 FindFirstFileA 117 40121a 114->117 118 40120d-401218 FindClose 114->118 119 40121f-401220 117->119 118->119
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • FindFirstFileA.KERNEL32(?,?), ref: 00401203
                                                                                                                                                                                                                                                                                          • FindClose.KERNEL32(00000000,?,?), ref: 0040120E
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2295610775-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 5ef48afcc60f0df42ca52d170e360d4b387ed72ee7c98a6338fd5de06560ac66
                                                                                                                                                                                                                                                                                          • Instruction ID: b1f125ed4efc06f30582f8b04dd36de647bf725fcf985a164ddf40afef925a9c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ef48afcc60f0df42ca52d170e360d4b387ed72ee7c98a6338fd5de06560ac66
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 60E0C23040020812DB10F6A48C0ABCA329C5F24318F0002B77619F31E1DA7CDEC4C76E
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005B36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000003.1251000401.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_5b0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction ID: 2bdc978e4153454c943794ff0bed477aaf96ebeb800aebf2f8f142c770dc9ef6
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 11118E9080D3D46FD72397348868AA83FB07F03304F1A45CBD1C5EB0E3DA696A48CB22

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 146 5b3519-5b3548 147 5b3550-5b3556 146->147 148 5b36b1-5b36c3 NtQuerySystemInformation 147->148 150 5b36c9 148->150 151 5b19c1-5b19c6 148->151 150->150 152 5b19cc-5b19d1 151->152 153 5b34c1-5b34c7 151->153 152->153 154 5b19d7-5b34c0 152->154 153->146
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 005B36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1254109220.00000000005B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction ID: 6cd0985340e6bbb8b7b0ce9f7c389701b9998e2bf469e295c151bb126bc57098
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 94016D9180C7C45FD71397A498A57E83FA07B6B318F1A05D6D198EA0E3E6286A068726
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005B27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000003.1251000401.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_5b0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction ID: 1f0ab59edd5c5226f43018cae23c5bb8de73efaf27ede7eec2f6be69653ae157
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 54F01CDA80D7D02EF3135274A8A5B943FA0AB77248F0B44C7D0C4DB0E3D5695A4E8326
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005B36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000003.1251000401.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_5b0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction ID: dc7da2a4eb58b0f2f44d712d4764b04a233cc9a14d790032c7097a59136222d7
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A1F0F8C680C7C15FE31313A49CA1B953FA06B6721CF1B05CAD1D4CA0E3D6682A068727
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 005B0856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000003.1251000401.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_5b0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2706961497-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 156 5b27a0-5b27d1 NtAllocateVirtualMemory 157 5b329d 156->157
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 005B27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1254109220.00000000005B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005B27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000003.1251000401.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_5b0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 005B2750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000003.1251000401.00000000005B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_3_5b0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 158 5b2740-5b2752 NtFreeVirtualMemory 161 5b2e0f-5b2e10 158->161
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1254109220.00000000005B1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005B1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_5b1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(80000000,http\shell\open\command,00000000), ref: 00401731
                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401750
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401763
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040176B
                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(00000000,00000001), ref: 00401784
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040178C
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 004017C0
                                                                                                                                                                                                                                                                                          • RegOpenKeyA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000), ref: 004017F2
                                                                                                                                                                                                                                                                                          • RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401811
                                                                                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401824
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          • http\shell\open\command, xrefs: 00401727
                                                                                                                                                                                                                                                                                          • SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE, xrefs: 004017E8
                                                                                                                                                                                                                                                                                          • %ProgramFiles%\Internet Explorer\iexplore.exe, xrefs: 004017BB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: CloseOpenQueryValuelstrlen$EnvironmentExpandStringslstrcpy
                                                                                                                                                                                                                                                                                          • String ID: %ProgramFiles%\Internet Explorer\iexplore.exe$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE$http\shell\open\command
                                                                                                                                                                                                                                                                                          • API String ID: 3609507023-2166425673
                                                                                                                                                                                                                                                                                          • Opcode ID: ec1019beed7b315069fa3b1779e8fda54c19aa443329518b0391860384422208
                                                                                                                                                                                                                                                                                          • Instruction ID: 492c7e26a815c2c5e33e9532f8691bf3d5bdac08c2cdb0d7937cd877f00ba273
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ec1019beed7b315069fa3b1779e8fda54c19aa443329518b0391860384422208
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2731FE31580009FADF116B91CD46F9D7E26EF14348F108036B904B81F1D7B98FA1EB98

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetVolumePathNameA.KERNEL32(00000000,?,0000000A), ref: 00402BA8
                                                                                                                                                                                                                                                                                          • GetDriveTypeA.KERNEL32(?,00000000,00000000), ref: 00402BB5
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00402BCD
                                                                                                                                                                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,DesktopLayer.exe), ref: 00402BFA
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402C0B
                                                                                                                                                                                                                                                                                          • CopyFileA.KERNEL32(00000001,?,00000000), ref: 00402C34
                                                                                                                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 00402C4F
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeGlobal$CopyDriveFileNamePathTypeVolumelstrcmpilstrlen
                                                                                                                                                                                                                                                                                          • String ID: DesktopLayer.exe$Microsoft
                                                                                                                                                                                                                                                                                          • API String ID: 2423091117-2303414202
                                                                                                                                                                                                                                                                                          • Opcode ID: c0ca75b23bda53f436f0ea2ef0c44b34eb9accc9f18b291d2ed0bc16f2845a68
                                                                                                                                                                                                                                                                                          • Instruction ID: 424de1d055d36d94485564944f0a82ae944634b2939da7d16f421487f9db5567
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c0ca75b23bda53f436f0ea2ef0c44b34eb9accc9f18b291d2ed0bc16f2845a68
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B0214C31940109FAEF21AEA1CE4ABEE7B75AF00308F204076B600B41E0D7F99E80DB58

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 004027EB
                                                                                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,00000000), ref: 004027F7
                                                                                                                                                                                                                                                                                          • Thread32First.KERNEL32(?,?), ref: 00402817
                                                                                                                                                                                                                                                                                          • OpenThread.KERNEL32(00000002,00000000,?,00000004,00000000,00000000), ref: 00402837
                                                                                                                                                                                                                                                                                          • SuspendThread.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 0040284C
                                                                                                                                                                                                                                                                                          • ResumeThread.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 0040285C
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 00402864
                                                                                                                                                                                                                                                                                          • Thread32Next.KERNEL32(?,?), ref: 00402870
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,00000004,00000000,00000000), ref: 0040287D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Thread$ExitProcessThread32$CreateCurrentFirstNextOpenResumeSnapshotSuspendToolhelp32
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3069391254-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 72e94921eaf1fb3e7ebfb8d2ccb6d59a18575e0b5bae3622c53e44924cfbaa71
                                                                                                                                                                                                                                                                                          • Instruction ID: 86f68fd1592829ff739bdd2ae1b77707a543462ea7653b1b0fc8759417c2ad1e
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 72e94921eaf1fb3e7ebfb8d2ccb6d59a18575e0b5bae3622c53e44924cfbaa71
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B1112135D00209EBDF11ABA1CE8ABDDBB74AF04314F108576F510B52D1D7B99E819B68

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegOpenKeyA.ADVAPI32(80000000,http\shell\open\command,00000000), ref: 00401731
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401750
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 00401763
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: lstrlen.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040176B
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: lstrcpy.KERNEL32(00000000,00000001), ref: 00401784
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: lstrlen.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000), ref: 0040178C
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 004017C0
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegOpenKeyA.ADVAPI32(80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000), ref: 004017F2
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegQueryValueExA.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401811
                                                                                                                                                                                                                                                                                            • Part of subcall function 00401718: RegCloseKey.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,80000002,SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE,00000000,00000000,%ProgramFiles%\Internet Explorer\iexplore.exe,?,?,00000000), ref: 00401824
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000), ref: 00402CE1
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016DF: CreateMutexA.KERNEL32(00000000,00000000,?), ref: 004016EC
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016DF: GetLastError.KERNEL32(00000000,00000000,?), ref: 004016F8
                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Program Files (x86)\Microsoft\DesktopLayer.exe,00000104), ref: 00402C99
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,00000000,C:\Program Files (x86)\Microsoft\DesktopLayer.exe,00000104), ref: 00402CBA
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: ReleaseMutex.KERNEL32(00000000), ref: 004016CE
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: ExitProcess.KERNEL32(00000000,00000000), ref: 004016D6
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ExitProcess$CloseMutexOpenQueryValuelstrlen$CreateEnvironmentErrorExpandFileLastModuleNameReleaseStringslstrcpy
                                                                                                                                                                                                                                                                                          • String ID: C:\Program Files (x86)\Microsoft\DesktopLayer.exe$C:\Program Files\Internet Explorer\iexplore.exe$KyUffThOkYwRRtgPP
                                                                                                                                                                                                                                                                                          • API String ID: 6870790-2696736907

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,0000000A,00000040,?,00000000), ref: 004028E7
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402918
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,?,?,00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402980
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,0000000A,?,?,00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402996
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Virtual$Protect$Alloc
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2541858876-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 97 4029df-4029ee 98 4029f0-402a1a VirtualProtect 97->98 99 402a52-402a56 97->99 100 402a31-402a4d VirtualProtect VirtualFree 98->100 101 402a1c-402a2e call 401018 98->101 100->99 101->100
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,00000040,?,00000000), ref: 00402A13
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(00000000,?,?,?,00000000,?,00000040,?,00000000), ref: 00402A3E
                                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(?,00000000,00008000,00000000,?,?,?,00000000,?,00000040,?,00000000), ref: 00402A4D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Virtual$Protect$Free
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3866829018-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 104 401379-4013d3 call 401000 * 2 CreateProcessA ExitProcess * 2
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,?), ref: 004013BB
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,?), ref: 004013C8
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000001,?), ref: 004013CD
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Process$Exit$Create
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2394923174-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 109 4029a2-4029b7 GetModuleHandleA 110 4029d8-4029dc 109->110 111 4029b9-4029c4 GetProcAddress 109->111 111->110 112 4029c6-4029d3 call 4028ca 111->112 112->110
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000000), ref: 004029B0
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004029BD
                                                                                                                                                                                                                                                                                            • Part of subcall function 004028CA: VirtualProtect.KERNEL32(?,0000000A,00000040,?,00000000), ref: 004028E7
                                                                                                                                                                                                                                                                                            • Part of subcall function 004028CA: VirtualAlloc.KERNEL32(00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402918
                                                                                                                                                                                                                                                                                            • Part of subcall function 004028CA: VirtualProtect.KERNEL32(?,?,?,?,00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402980
                                                                                                                                                                                                                                                                                            • Part of subcall function 004028CA: VirtualProtect.KERNEL32(?,0000000A,?,?,00000000,?,00001000,00000040,?,0000000A,00000040,?,00000000), ref: 00402996
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Virtual$Protect$AddressAllocHandleModuleProc
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 4290937511-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 120 4016df-4016f6 CreateMutexA 121 401711-401715 120->121 122 4016f8-401702 GetLastError 120->122 122->121 123 401704-40170e call 4016c2 122->123 123->121
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateMutexA.KERNEL32(00000000,00000000,?), ref: 004016EC
                                                                                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,?), ref: 004016F8
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: ReleaseMutex.KERNEL32(00000000), ref: 004016CE
                                                                                                                                                                                                                                                                                            • Part of subcall function 004016C2: ExitProcess.KERNEL32(00000000,00000000), ref: 004016D6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Mutex$CreateErrorExitLastProcessRelease
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1221886886-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0040288E
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: GetCurrentThreadId.KERNEL32 ref: 004027EB
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,00000000), ref: 004027F7
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: Thread32First.KERNEL32(?,?), ref: 00402817
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: OpenThread.KERNEL32(00000002,00000000,?,00000004,00000000,00000000), ref: 00402837
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: SuspendThread.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 0040284C
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: ExitProcess.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 00402864
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: Thread32Next.KERNEL32(?,?), ref: 00402870
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: ExitProcess.KERNEL32(?,00000004,00000000,00000000), ref: 0040287D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ProcessThread$CurrentExitThread32$CreateFirstNextOpenSnapshotSuspendToolhelp32
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1967596357-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 0040289C
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: GetCurrentThreadId.KERNEL32 ref: 004027EB
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,00000000), ref: 004027F7
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: Thread32First.KERNEL32(?,?), ref: 00402817
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: OpenThread.KERNEL32(00000002,00000000,?,00000004,00000000,00000000), ref: 00402837
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: SuspendThread.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 0040284C
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: ExitProcess.KERNEL32(?,00000002,00000000,?,00000004,00000000,00000000), ref: 00402864
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: Thread32Next.KERNEL32(?,?), ref: 00402870
                                                                                                                                                                                                                                                                                            • Part of subcall function 004027E0: ExitProcess.KERNEL32(?,00000004,00000000,00000000), ref: 0040287D
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: ProcessThread$CurrentExitThread32$CreateFirstNextOpenSnapshotSuspendToolhelp32
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1967596357-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,?,?,10000000), ref: 00402054
                                                                                                                                                                                                                                                                                          • VirtualFree.KERNEL32(00000000,00000000,00008000,?,00000000,00003000,00000040,?,?,10000000), ref: 0040206C
                                                                                                                                                                                                                                                                                          • VirtualAllocEx.KERNEL32(00000000,?,00000000,00003000,00000040,00000000,00000000,00008000,?,00000000,00003000,00000040,?,?,10000000), ref: 00402081
                                                                                                                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,00003000,00000040,?), ref: 004020DD
                                                                                                                                                                                                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 004021A7
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Virtual$Alloc$FileFreeMemoryModuleNameProcessWrite
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1226386272-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 00401853
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LdrLoadDll), ref: 0040186C
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LdrGetDllHandle), ref: 00401887
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LdrGetProcedureAddress), ref: 004018A2
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlInitUnicodeString), ref: 004018BD
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlUnicodeStringToAnsiString), ref: 004018D8
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlFreeAnsiString), ref: 004018F3
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlInitString), ref: 0040190E
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlAnsiStringToUnicodeString), ref: 00401929
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlFreeUnicodeString), ref: 00401944
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwProtectVirtualMemory), ref: 0040195B
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,RtlCreateUserThread), ref: 00401972
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwFreeVirtualMemory), ref: 00401989
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwDelayExecution), ref: 004019A0
                                                                                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,ZwQueryInformationProcess), ref: 004019B7
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                                                                                          • String ID: LdrGetDllHandle$LdrGetProcedureAddress$LdrLoadDll$RtlAnsiStringToUnicodeString$RtlCreateUserThread$RtlFreeAnsiString$RtlFreeUnicodeString$RtlInitString$RtlInitUnicodeString$RtlUnicodeStringToAnsiString$ZwDelayExecution$ZwFreeVirtualMemory$ZwProtectVirtualMemory$ZwQueryInformationProcess$ntdll.dll
                                                                                                                                                                                                                                                                                          • API String ID: 667068680-543826357
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 0040144C
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%CommonProgramFiles%,?,000002FC,00000000), ref: 00401471
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%HOMEDRIVE%%HOMEPATH%,?,000002FC,00000000), ref: 00401496
                                                                                                                                                                                                                                                                                          • ExpandEnvironmentStringsA.KERNEL32(%APPDATA%,?,000002FC,00000000), ref: 004014B8
                                                                                                                                                                                                                                                                                          • lstrcat.KERNEL32(?,00000000), ref: 0040152F
                                                                                                                                                                                                                                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 0040153D
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 00401559
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,-00000002,?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 00401564
                                                                                                                                                                                                                                                                                          • lstrcpy.KERNEL32(00000000,?), ref: 00401580
                                                                                                                                                                                                                                                                                          • lstrlen.KERNEL32(00000000,00000040,-00000002,?,?,00000000,%ProgramFiles%,?,000002FC,?,00000000,00000000), ref: 0040158B
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: EnvironmentExpandStrings$lstrlen$AllocCreateDirectoryGloballstrcatlstrcpy
                                                                                                                                                                                                                                                                                          • String ID: %APPDATA%$%CommonProgramFiles%$%HOMEDRIVE%%HOMEPATH%$%ProgramFiles%
                                                                                                                                                                                                                                                                                          • API String ID: 1756080463-2835764218
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00002000,00000001,?), ref: 00402663
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,00002000,00000001,?), ref: 0040268A
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,00001000,00000004,?,?,00002000,00000001,?), ref: 004026BA
                                                                                                                                                                                                                                                                                          • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,?,?,00000002,?,?,?,00001000,00000004,?,?), ref: 0040270D
                                                                                                                                                                                                                                                                                          • VirtualProtect.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,00000000,?,00001000,00000004,?), ref: 004027C2
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: Virtual$Alloc$Protect
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 655996629-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00401321
                                                                                                                                                                                                                                                                                          • GetFileSize.KERNEL32(?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00401333
                                                                                                                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 00401340
                                                                                                                                                                                                                                                                                          • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,00000040,00000000,?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000), ref: 0040135B
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,00000000,00000040,00000000,?,00000000,00000000,80000000,00000003,00000000,00000003,00000000,00000000,00000000,00000000), ref: 0040136A
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                          • Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$AllocCreateExitGlobalProcessReadSize
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1961981507-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • GetTempFileNameA.KERNEL32(?,0040D877,00000000,?), ref: 0040123D
                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 0040125B
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(00000000,?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 00401266
                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,00000000,?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 00401272
                                                                                                                                                                                                                                                                                          • DeleteFileA.KERNEL32(?,?,C0000000,00000000,00000000,00000002,00000080,00000000,?,0040D877,00000000,?), ref: 00401287
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$Delete$CreateExitNameProcessTemp
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3379470239-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                            • Part of subcall function 0040220E: ReadProcessMemory.KERNEL32(?,?,?,0000000C,?), ref: 00402251
                                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,00000040,?,00000000), ref: 0040229D
                                                                                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,000000F8,?), ref: 004022C8
                                                                                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                                                                                                                                                          • String ID: MZ$PE
                                                                                                                                                                                                                                                                                          • API String ID: 1726664587-1102611028
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • CreateFileA.KERNEL32(?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012B6
                                                                                                                                                                                                                                                                                          • SetFilePointer.KERNEL32(?,00000000,00000000,00000002,?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012D2
                                                                                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,00000000,?,?,00000000,?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012E6
                                                                                                                                                                                                                                                                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,00000000,?,40000000,00000003,00000000,?,00000080,00000000,00000000), ref: 004012EE
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000007.00000002.1253514858.0000000000400000.00000040.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.1253514858.0000000000410000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_7_2_400000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Yara matches
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: File$CreateExitPointerProcessWrite
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 1233698708-0

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:13.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2

                                                                                                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000003.1283500450.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 13 583519-583548 14 583550-583556 13->14 15 5836b1-5836c3 NtQuerySystemInformation 14->15 17 5836c9 15->17 18 5819c1-5819c6 15->18 17->17 19 5819cc-5819d1 18->19 20 5834c1-5834c7 18->20 19->20 21 5819d7-5834c0 19->21 20->13
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 005836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000002.1314625876.0000000000581000.00000040.00001000.00020000.00000000.sdmp, Offset: 00581000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_581000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000003.1283500450.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000003.1283500450.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 00580856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000003.1283500450.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2706961497-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 23 5827a0-5827d1 NtAllocateVirtualMemory 24 58329d 23->24
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 005827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000002.1314625876.0000000000581000.00000040.00001000.00020000.00000000.sdmp, Offset: 00581000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_581000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000003.1283500450.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 00582750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000003.1283500450.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction ID: 5b4c61e3541e61943ce17f36dd31cb3302a356b308178b8740e8ab0626fe4fb1
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9BB01220004002374C80B3F49C5FC3D0C4879D93887201D117C13F10D58C2492289777

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 25 582740-582752 NtFreeVirtualMemory 28 582e0f-582e10 25->28
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000013.00000002.1314625876.0000000000581000.00000040.00001000.00020000.00000000.sdmp, Offset: 00581000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_19_2_581000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction ID: ad039ab2e288e08059565d30b9f12d460746abbb12708d87fe84742c506b0f20
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8B01210004002374880B3F49C5F82D0C0835D93883101D113C12F10C58C2492288776

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:13.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                                          execution_graph 235 4a3519 236 4a19c1 235->236 236->235 237 4a36b6 NtQuerySystemInformation 236->237 239 4a19d7 236->239 237->236 238 4a36c9 237->238 238->238 240 4a2740 241 4a2745 NtFreeVirtualMemory 240->241 243 4a2e0f 241->243 244 4a11e7 245 4a1221 244->245 247 4a27a0 NtAllocateVirtualMemory 245->247 248 4a329d 247->248 248->245

                                                                                                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                                                                                                          callgraph 0 Function_004A19CD 1 Function_004A1FCD 2 Function_004A1C42 3 Function_004A2642 4 Function_004A1343 53 Function_004A2E13 4->53 5 Function_004A2740 6 Function_004A18C6 7 Function_004A2D47 8 Function_004A3047 9 Function_004A245A 10 Function_004A2DDB 11 Function_004A31D9 12 Function_004A33D9 13 Function_004A1FDD 14 Function_004A32D3 15 Function_004A2454 16 Function_004A1454 17 Function_004A1D68 18 Function_004A2569 19 Function_004A1D6E 20 Function_004A1A6D 21 Function_004A1CED 22 Function_004A2F62 23 Function_004A2863 24 Function_004A1CE3 25 Function_004A11E7 25->17 63 Function_004A27A0 25->63 26 Function_004A20E4 27 Function_004A3265 28 Function_004A187A 29 Function_004A1DFA 30 Function_004A2378 31 Function_004A227E 32 Function_004A25FE 33 Function_004A2EF1 34 Function_004A21F7 35 Function_004A1174 60 Function_004A10A2 35->60 36 Function_004A2275 37 Function_004A310A 38 Function_004A1608 39 Function_004A2989 40 Function_004A178F 41 Function_004A348F 42 Function_004A1B02 43 Function_004A1582 44 Function_004A3000 45 Function_004A2A85 46 Function_004A2E1B 47 Function_004A2D9B 48 Function_004A3198 49 Function_004A3519 50 Function_004A2419 51 Function_004A2F99 52 Function_004A1712 54 Function_004A1414 55 Function_004A3095 55->53 56 Function_004A2FA8 57 Function_004A12AE 58 Function_004A28AF 59 Function_004A292D 61 Function_004A2023 79 Function_004A1B35 61->79 62 Function_004A3623 64 Function_004A2520 65 Function_004A24A0 66 Function_004A1B3B 67 Function_004A223B 68 Function_004A1339 68->53 69 Function_004A2D3F 70 Function_004A1BBC 71 Function_004A303D 72 Function_004A1D33 73 Function_004A17B3 74 Function_004A2EB3 75 Function_004A22B0 76 Function_004A2131 77 Function_004A25B7 78 Function_004A1035
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 004A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000003.1302276429.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_3_4a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction ID: 9684a9dc54092e71cd95979a0bc494e26096f923e557d097d1d4e0b040170a01
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE117C9180D3D46ED7239B348864A683FB05B27304F1A41CBE1C5DB0E3E66D4A49CB2B

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 13 4a3519-4a3548 14 4a3550-4a3556 13->14 15 4a36b1-4a36c3 NtQuerySystemInformation 14->15 17 4a36c9 15->17 18 4a19c1-4a19c6 15->18 17->17 19 4a19cc-4a19d1 18->19 20 4a34c1-4a34c7 18->20 19->20 21 4a19d7-4a34c0 19->21 20->13
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 004A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000002.1321083457.00000000004A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_4a1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction ID: 1b0940f5d3bff56c939d5e0e23f68cbd6c6794a824cac986e75bf29a2ad2ac57
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE014FD580C7C45FD3138BA498A07983FA06B3B31DF1605D7D194DA1D3E66C4E06972B
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 004A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000003.1302276429.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_3_4a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction ID: d3e8f39a1f468ad4cfae6dc26d1933e4fa5c78cd29462b2e797025935d516040
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9F0F8DA80D7D02EF3235674A8A5B842FA09B77248F0B44CBD0C4DA0A3D5A94A4B8327
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 004A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000003.1302276429.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_3_4a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 004A0856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000003.1302276429.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_3_4a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 004A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000003.1302276429.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_3_4a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 23 4a27a0-4a27d1 NtAllocateVirtualMemory 24 4a329d 23->24
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 004A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000002.1321083457.00000000004A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_4a1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 004A2750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000003.1302276429.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_3_4a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 25 4a2740-4a2752 NtFreeVirtualMemory 28 4a2e0f-4a2e10 25->28
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000015.00000002.1321083457.00000000004A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_21_2_4a1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:13.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                                          execution_graph 235 4a3519 236 4a19c1 235->236 236->235 237 4a36b6 NtQuerySystemInformation 236->237 239 4a19d7 236->239 237->236 238 4a36c9 237->238 238->238 240 4a2740 241 4a2745 NtFreeVirtualMemory 240->241 243 4a2e0f 241->243 244 4a11e7 245 4a1221 244->245 247 4a27a0 NtAllocateVirtualMemory 245->247 248 4a329d 247->248 248->245

                                                                                                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 004A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000003.1344316040.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_3_4a0000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction ID: 9684a9dc54092e71cd95979a0bc494e26096f923e557d097d1d4e0b040170a01
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE117C9180D3D46ED7239B348864A683FB05B27304F1A41CBE1C5DB0E3E66D4A49CB2B

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 13 4a3519-4a3548 14 4a3550-4a3556 13->14 15 4a36b1-4a36c3 NtQuerySystemInformation 14->15 17 4a36c9 15->17 18 4a19c1-4a19c6 15->18 17->17 19 4a19cc-4a19d1 18->19 20 4a34c1-4a34c7 18->20 19->20 21 4a19d7-4a34c0 19->21 20->13
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 004A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000002.1351116722.00000000004A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_2_4a1000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction ID: 1b0940f5d3bff56c939d5e0e23f68cbd6c6794a824cac986e75bf29a2ad2ac57
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE014FD580C7C45FD3138BA498A07983FA06B3B31DF1605D7D194DA1D3E66C4E06972B
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 004A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000003.1344316040.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_3_4a0000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction ID: d3e8f39a1f468ad4cfae6dc26d1933e4fa5c78cd29462b2e797025935d516040
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9F0F8DA80D7D02EF3235674A8A5B842FA09B77248F0B44CBD0C4DA0A3D5A94A4B8327
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 004A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000003.1344316040.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_3_4a0000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction ID: b999b85e6dbb67e8b6616ddb13001487a2c97890b4df1d0bb3204d587419b43f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2BF0F8C680C7C01EE31313A49CA1B953FA05B3B21DF1B05CBD1D4CA0E3D6680A0B872B
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 004A0856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000003.1344316040.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_3_4a0000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                          • Opcode ID: a7512f518d9cd3fd1093e4f2270c633ac2325be1cc000d8372d1ddfaef692cf0
                                                                                                                                                                                                                                                                                          • Instruction ID: 9e57df98fd680d5aabd01e47c9aaea980fd6be3b7509ffa2f736236c6c71e869
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7512f518d9cd3fd1093e4f2270c633ac2325be1cc000d8372d1ddfaef692cf0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 47F05FD691E3D02EE70393B458687487FB01B67209F0A80CBC1919B0E3E6A949098736
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 004A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000003.1344316040.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_3_4a0000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction ID: d70c0f9adf970425e471706ef103dbb25707ba24c0adc6c3188152baa643cd6d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8E0928691E3D40EE70393745864A447FB15F67118F0B85DBD0D5CA0E3D6489A0AC327

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 23 4a27a0-4a27d1 NtAllocateVirtualMemory 24 4a329d 23->24
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 004A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000002.1351116722.00000000004A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_2_4a1000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction ID: d70c0f9adf970425e471706ef103dbb25707ba24c0adc6c3188152baa643cd6d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E8E0928691E3D40EE70393745864A447FB15F67118F0B85DBD0D5CA0E3D6489A0AC327
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 004A2750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000003.1344316040.00000000004A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_3_4a0000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction ID: e7be456643c36df2f9fe584c98730d6ce4677f8e31a35520dd1ba839a9475a8f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D5B01215008400365820F3FD9953C3E0004187738C3200D077413F14154CBC836B747F

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 25 4a2740-4a2752 NtFreeVirtualMemory 28 4a2e0f-4a2e10 25->28
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 0000001F.00000002.1351116722.00000000004A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 004A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_31_2_4a1000_loaddll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction ID: 17f08aa61a7e9805dbf946ccd5299c66d5a6e6ce612dd65dafbb572c3030bb8a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 24B01211008000365820F3F9985281E0004147738C3100D073412F10054C7C826A547A

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:13.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                                          execution_graph 233 5a3519 234 5a19c1 233->234 234->233 235 5a36b6 NtQuerySystemInformation 234->235 237 5a19d7 234->237 235->234 236 5a36c9 235->236 236->236 238 5a2740 239 5a2745 NtFreeVirtualMemory 238->239 241 5a2e0f 239->241 242 5a11e7 243 5a1221 242->243 245 5a27a0 NtAllocateVirtualMemory 243->245 246 5a329d 245->246 246->243

                                                                                                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000003.1349821562.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_3_5a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction ID: 7167152b5a4cbc6df6478e307064853d11c818336468a207997bcd96d11eb11d
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3C117C9180D3D55ED7138B348868A6C3FB07B07308F1A45CBE1C5DB0E3D6694A49CB22

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 13 5a3519-5a3548 14 5a3550-5a3556 13->14 15 5a36b1-5a36c3 NtQuerySystemInformation 14->15 17 5a36c9 15->17 18 5a19c1-5a19c6 15->18 17->17 19 5a19cc-5a19d1 18->19 20 5a34c1-5a34c7 18->20 19->20 21 5a19d7-5a34c0 19->21 20->13
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 005A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.1366939056.00000000005A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_5a1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction ID: d22fdbaa4bbd378470aff912dc374eefde1804ec80810e428aa1c873c04a8dde
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53016D92C0C7C44FD71387A498A579C3FA07B6B31CF1A05D6E198DA0E3D6284E068726
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000003.1349821562.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_3_5a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction ID: 7ec200982612516b41ff99af3772dbd0e790248a387137c8a2f6d3a550dfcb08
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3FF0F8DA81D7D02EF3135274A8A5B882FA0AB77248F0B44C7D0C4DA0E3D5694A4A8326
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005A36B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000003.1349821562.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_3_5a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction ID: fa92b5394d122ede6323b188e0f33c56905c8d8294614d121273dda896118f2b
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AAF0F8C681C7C11EE31313A49CA1B983FA06B6B21CF1B05CAD1D4CA0E3D6680A0A8727
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 005A0856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000003.1349821562.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_3_5a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                          • Opcode ID: a7512f518d9cd3fd1093e4f2270c633ac2325be1cc000d8372d1ddfaef692cf0
                                                                                                                                                                                                                                                                                          • Instruction ID: a7917149c65503fb5510787fdfc51f91b7deb6fec4180f69fbc6d4b6b161a1af
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a7512f518d9cd3fd1093e4f2270c633ac2325be1cc000d8372d1ddfaef692cf0
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FEF05FC692E3D02EE703937458687487FB01B67209F0A80CAC1919B0E3E6A84909C736

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 23 5a27a0-5a27d1 NtAllocateVirtualMemory 24 5a329d 23->24
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 005A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.1366939056.00000000005A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_5a1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction ID: 97b00aabd36e05e8e296db25980d3f7c933e44562bf1e0dd0c8e4ddaa8364ea2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7E0998691E3D40EE70393745864A887FB16F6B218F4B85DBD0D5CA0E3D6889A0AC326
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005A27CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000003.1349821562.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_3_5a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction ID: 97b00aabd36e05e8e296db25980d3f7c933e44562bf1e0dd0c8e4ddaa8364ea2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 463493cebd59d1f188ea9a20502c0f4e100c46f55fa8f6262abcbcc5b70460af
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7E0998691E3D40EE70393745864A887FB16F6B218F4B85DBD0D5CA0E3D6889A0AC326
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 005A2750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000003.1349821562.00000000005A0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A0000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_3_5a0000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction ID: 10de1ef93049f9edfc7638b3294f514d13eb7cbaa16adee82e546af16e402801
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F7B01201028002374C00F3FC9C5BC3D0C0878D73887201D017413F10954C3493699473

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 25 5a2740-5a2752 NtFreeVirtualMemory 28 5a2e0f-5a2e10 25->28
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000024.00000002.1366939056.00000000005A1000.00000040.00001000.00020000.00000000.sdmp, Offset: 005A1000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_36_2_5a1000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction ID: 70a213310a24cbadcbf94d1cc24cfd55b77f69e82ee923f17fedd40a2b9c651c
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B2B01201028002374800F3F89C5B82D0C0834D73883101D013412F10854C3492698472

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:13.5%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                                          execution_graph 233 583519 236 5819c1 233->236 234 5836b6 NtQuerySystemInformation 235 5836c9 234->235 234->236 235->235 236->233 236->234 237 5819d7 236->237 238 582740 239 582745 NtFreeVirtualMemory 238->239 241 582e0f 239->241 242 5811e7 243 581221 242->243 245 5827a0 NtAllocateVirtualMemory 243->245 246 58329d 245->246 246->243

                                                                                                                                                                                                                                                                                          Callgraph

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000003.1370500329.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction ID: 5a54d039d93784823c6370fdc238d3d4f15c2596e8cbafdab10a3e54e7013d3f
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8d827ceb1cc416b39031b6256c29159742f08048d30b83f4891e398e95171e99
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 74118EA080D3D45FD713A7348868A683FB07F03304F1A49CBD5C5EB0E3D6694A49CB22

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          • Executed
                                                                                                                                                                                                                                                                                          • Not Executed
                                                                                                                                                                                                                                                                                          control_flow_graph 13 583519-583548 14 583550-583556 13->14 15 5836b1-5836c3 NtQuerySystemInformation 14->15 17 5836c9 15->17 18 5819c1-5819c6 15->18 17->17 19 5819cc-5819d1 18->19 20 5834c1-5834c7 18->20 19->20 21 5819d7-5834c0 19->21 20->13
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 005836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000002.1374752197.0000000000581000.00000040.00001000.00020000.00000000.sdmp, Offset: 00581000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_581000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction ID: f1b0d89803623b402603851ef84ec7ed3e68c97df3dd2ae42c6ea2252ce62fb2
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2171132a724ee702e00d67cb4ae17207dee643bdc257fb58d7537d09c28e9070
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A20186D1C0C7C44FE753A3A498A57983FA07B5731CF1709D6D5D5EA0E3D6284A068727
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000003.1370500329.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction ID: 5e3cce2650967e75afb53f7bb49bdbc45ce92907c17ac69820e0ee4c4db048cf
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fc04df0d5d77a41f467c6adf8d35f92e442f5b7f77c8826fd2060193fd8791e
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E6F01CDA80D7D02EF3136274A8A5B843FA0AB77248F0B44C7D4C4DB0E3D5A94A4E8326
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 005836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000003.1370500329.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          • Opcode ID: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction ID: b2399e52c2e10b48e71244cbcbf5a08f9cf1247b6ce87273e8b5f428d373d68a
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 190a51f41ef361d33bfa81698acc1348fdb76df4dcbf211a6dfeeae8dfbe8205
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EBF012C580C7C11FE35323B45C657943F606B6721CF1B05CBD1D4DA0E3D654090A8727
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 00580856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000003.1370500329.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 005827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000003.1370500329.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 23 5827a0-5827d1 NtAllocateVirtualMemory 24 58329d 23->24
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 005827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000002.1374752197.0000000000581000.00000040.00001000.00020000.00000000.sdmp, Offset: 00581000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_581000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 00582750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000003.1370500329.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_3_580000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 25 582740-582752 NtFreeVirtualMemory 28 582e0f-582e10 25->28
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000028.00000002.1374752197.0000000000581000.00000040.00001000.00020000.00000000.sdmp, Offset: 00581000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_40_2_581000_rundll32Srv.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0

                                                                                                                                                                                                                                                                                          Execution Graph

                                                                                                                                                                                                                                                                                          Execution Coverage:13.7%
                                                                                                                                                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                                                                                                                                                          Total number of Nodes:12
                                                                                                                                                                                                                                                                                          Total number of Limit Nodes:2
                                                                                                                                                                                                                                                                                          execution_graph 230 683519 231 6819c1 230->231 231->230 232 6836b6 NtQuerySystemInformation 231->232 234 6819d7 231->234 232->231 233 6836c9 232->233 233->233 235 682740 236 682745 NtFreeVirtualMemory 235->236 238 682e0f 236->238 239 6811e7 240 681221 239->240 242 6827a0 NtAllocateVirtualMemory 240->242 243 68329d 242->243 243->240

                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 006836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000003.1373592313.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_3_680000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 13 683519-683548 14 683550-683556 13->14 15 6836b1-6836c3 NtQuerySystemInformation 14->15 17 6836c9 15->17 18 6819c1-6819c6 15->18 17->17 19 6819cc-6819d1 18->19 20 6834c1-6834c7 18->20 19->20 21 6819d7-6834c0 19->21 20->13
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL ref: 006836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000002.1379825388.0000000000681000.00000040.00001000.00020000.00000000.sdmp, Offset: 00681000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_2_681000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 006827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000003.1373592313.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_3_680000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtQuerySystemInformation.NTDLL(00000000,FB145B9B,E0605F88,00000002,?), ref: 006836B6
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000003.1373592313.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_3_680000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: InformationQuerySystem
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3562636166-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtProtectVirtualMemory.NTDLL(?), ref: 00680856
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000003.1373592313.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_3_680000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: MemoryProtectVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2706961497-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL(?,42025366), ref: 006827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000003.1373592313.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_3_680000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 23 6827a0-6827d1 NtAllocateVirtualMemory 24 68329d 23->24
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtAllocateVirtualMemory.NTDLL ref: 006827CB
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000002.1379825388.0000000000681000.00000040.00001000.00020000.00000000.sdmp, Offset: 00681000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_2_681000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: AllocateMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 2167126740-0
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          • NtFreeVirtualMemory.NTDLL(00000000,F40368AB), ref: 00682750
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000003.1373592313.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_3_680000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction ID: fb70e740196f8677b358cb6bec872f030bddb9905b3555d8c97fd0f01fbc0701
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b48d3e1404e8900d199013f262c6db174cb68df81b1b54382843596abfa5e2cd
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 63B012200440023668D0B3F4987BC2D004729593883200F157453F10558C24822A577E

                                                                                                                                                                                                                                                                                          Control-flow Graph

                                                                                                                                                                                                                                                                                          control_flow_graph 25 682740-682752 NtFreeVirtualMemory 28 682e0f-682e10 25->28
                                                                                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                                                                                          • Source File: 00000029.00000002.1379825388.0000000000681000.00000040.00001000.00020000.00000000.sdmp, Offset: 00681000, based on PE: false
                                                                                                                                                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                          • Snapshot File: hcaresult_41_2_681000_DesktopLayer.jbxd
                                                                                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                                                                                          • API ID: FreeMemoryVirtual
                                                                                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                                                                                          • API String ID: 3963845541-0
                                                                                                                                                                                                                                                                                          • Opcode ID: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction ID: 35218ffcb170a6b5e3c12f028bb54e1a4e705831e2645bba3c482891e87dc726
                                                                                                                                                                                                                                                                                          • Opcode Fuzzy Hash: daf8ff062a64d71ed8538d5a4dfc0d1fcbc3b82ee8d6e8e9fd10b4b60d0c9c1d
                                                                                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D3B012100440013668C0B3F4986B81D000625593883100F153452F10458C248229477D